Richard Manfredi, Author at Gibson Dunn

In this article, originally published by Law360, we distill the array of major global AI developments to spotlight a narrow but vitally important area — practical insights for employers using AI in the workplace.

We have been witnessing an absolute whirlwind of artificial intelligence policy developments around the globe.

On Dec. 8, European Union policymakers reached a historic agreement on the AI Act — the world’s most comprehensive risk-based framework governing AI systems. Although details will be finalized in the coming weeks, the AI Act’s full set of requirements is expected to go into effect in approximately the next two years.

This is just the latest significant development in AI regulation and governance — following the release of the risk-based AI international code of conduct by G7 leaders, 18 countries signing onto international guidelines on safe AI development and deployment, and the UK’s AI Safety Summit.

Additionally, in the U.S., the White House recently issued its AI executive order. At the same time, AI-related developments have been continuing at the state level, including the California Privacy Protection Agency, or CPPA, publishing discussion draft regulations relating to automated decision-making technology.

Each of these developments shows keen interest in AI regulation and is a road map to the potential requirements and guardrails for those developing and deploying AI tools.

There is a recognition that AI has the potential to transform a range of industries, and that we are merely at the beginning of this technological journey.

In this article, we will seek to move past AI buzzwords and amorphous definitions to distill the array of major AI developments to spotlight a narrow — but vitally important area — practical insights for employers using AI in the workplace.

In particular, we will address how:

- The now officially forthcoming EU AI Act may impose compliance obligations on U.S. employers deploying AI systems;
- The U.S. Department of Labor’s new role as articulated under the AI executive order and recent coordinating efforts with two federal agencies is likely to result in increased AI enforcement actions and influence how AI in the workplace is regulated;
- The recently released draft AI guidance from the White House’s Office of Management and Budget — while not directly applicable to most companies, other than government contractors — is likely to be an instructive guide as to expectations at the federal level; and
- California’s recently published automated decision-making prerulemaking efforts might shape regulation at the state level.

Read More

Reproduced with permission. Originally published by Law360, New York (December 14, 2023).

The following Gibson Dunn attorneys prepared this article: Vivek Mohan and Emily M. Lamm.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Artificial Intelligence or Labor and Employment practice groups, or the authors:

Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)

Emily Maxim Lamm – Washington, D.C. (+1 202.955.8255, elamm@gibsondunn.com)

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

On November 1, 2023, the New York Department of Financial Services (“NYDFS” or “the Department”) finalized the amendments to its Part 500 Cybersecurity Regulation (the “Second Amended Cybersecurity Regulation”) and cemented its status as a proactive regulatory leader in the effort to protect consumer data, promote cybersecurity governance best practices, and keep pace with new cybersecurity threats and emerging technology.

In line with NYDFS’s risk-based approach to cybersecurity, and as previewed in its previous drafts, the Second Amended Cybersecurity Regulation introduces several notable changes, including expanded responsibility for senior governing bodies, obligations to implement additional safeguards, new requirements for larger companies, new and increased obligations related to written policies and procedures, heightened requirements around audits and risk assessments, and additional reporting requirements for cybersecurity incidents.

NYDFS’s cybersecurity regulation, 23 NYCRR Part 500 (the “Cybersecurity Regulation”), was first released in March 2017 and went into full effect in March 2019. A minor, ministerial amendment changing the date of the required annual certification was made in 2020 (the “First Amended Cybersecurity Regulation”). In July of 2022, NYDFS began the process of a thorough review and update to the regulation. Since then, NYDFS has issued three draft amendments—the initial Draft Proposed Second Amendment (published July 29, 2022), the Proposed Second Amendment (published November 9, 2022), and the Revised Proposed Second Amendment (published June 28, 2023)—and held two notice and comment periods with active stakeholder participation.

Key updates to the Cybersecurity Regulation, as reflected in the Second Amended Cybersecurity Regulation, are highlighted below:

Heightened Obligations for Senior Leadership and Governing Bodies

Under the Second Amended Cybersecurity Regulation, the “senior governing body” of a covered entity joins the Chief Information Security Officer (“CISO”) at the helm of the company’s cybersecurity apparatus. “Senior governing body” is broadly defined to account for the varied sizes, corporate structures, business models, and industries under NYDFS’s purview. A covered entity’s board of directors or equivalent governing body, a board committee, or senior officer(s) responsible for the entity’s cybersecurity program would all qualify as senior governing bodies under the updated regulation.

The senior governing body of a covered entity is required to exercise oversight of the covered entity’s cybersecurity risk management. At a minimum, this entails (i) having a sufficient understanding of cybersecurity-related matters; (ii) requiring management to develop, implement, and maintain the covered entity’s cybersecurity program; (iii) regularly receiving and reviewing management reports on cybersecurity; and (iv) confirming that sufficient resources are allocated in order to implement and maintain the cybersecurity program. Previously, a covered entity’s CISO was charged with ensuring sufficient allocation of resources to develop and maintain an effective cybersecurity system; in recognition of the fact that senior governing bodies, not CISOs, tend to make enterprise-wide resource allocation decisions, NYDFS shifted that responsibility to the senior governing body.

The Second Amended Cybersecurity Regulation also expands reporting obligations on the CISO, requiring the timely reporting of material cybersecurity issues to the senior governing body or senior officer(s), such as significant cybersecurity events and significant changes to the cybersecurity program.

Increased Investment in Cybersecurity Programs

The Second Amended Cybersecurity Regulation requires covered entities assess the adequacy of their governance practices and their investments in technology and personnel. In addition to significantly expanding the breadth of covered entities’ cybersecurity efforts by including “nonpublic information stored on the covered entity’s information systems” in its definition of “cybersecurity program,” NYDFS established additional requirements related to written policies and procedures.

Companies must have written incident response plans, business continuity and disaster recovery plans, and plans for investigating and mitigating cybersecurity events. As it did in the original Cybersecurity Regulation in 2017 for the then-novel incident response plans, NYDFS took care to enumerate a number of proactive measures intended to help covered entities formulate effective business continuity plans. The draft amendments related to business continuity and incident response plans remained largely the same throughout the process of reviewing and updating the regulation, though the Department did make a few practical and logistical changes.

Each covered entity must also implement written policies and procedures that are designed to produce and maintain a complete, accurate, and documented asset inventory of its information systems. NYDFS made a subtle adjustment to this provision from the June 2023 Revised Proposed Second Amendment, requiring covered entities to “produce and maintain” an asset inventory rather than “ensure” it exists—this is one of many instances where the Department made revisions geared toward providing covered entities with concrete guidance on how to navigate the cybersecurity landscape.

Separate Requirements for Larger “Class A” Companies

NYDFS codified heightened cybersecurity requirements for a newly defined class of larger entities, termed “Class A” companies. Throughout its drafting process, NYDFS iterated upon the scope and scale of Class A companies, and ultimately chose a relatively limited definition. Class A companies are those with an in-state gross annual revenue over $20 million in each of the last two fiscal years, and have had either (i) an average of more than 2,000 employees, or (ii) over $1 billion in gross annual revenue in each of the last two fiscal years. When calculating these figures, entities should include any affiliates that it shares information systems, cybersecurity resources, or a cybersecurity program with.

The Department has imposed several obligations on Class A companies, including to design and conduct independent audits of their cybersecurity programs based upon their respective risk assessments; monitor privileged access activity and implement privileged use management solutions; and implement security precautions such as centralized logging and notifications for security alerts, automatic rejection of common or simple passwords, and endpoint detection and response solutions for anomalous activity.

While the Revised Proposed Second Amendment published on June 28, 2023 would have required audits of Class A cybersecurity programs on an annual basis, the final Second Amended Cybersecurity Regulation introduces some flexibility by requiring audits at a frequency determined by the results of the entity’s risk assessments. This change reflects the Department’s understanding that designing and conducting annual audits may be a particularly burdensome, time-consuming, and resource-heavy endeavor given the size of Class A companies and the complexity of their cybersecurity programs. NYDFS did, however, add that Class A companies should design their audits, in addition to conducting them, which demonstrates NYDFS’s desire for covered entities to be engaged, comprehensive, and diligent about their cybersecurity efforts.

Additional Requirements for Audits and Risk Assessments

In earlier draft amendments, NYDFS had proposed strict requirements related to audits, risk assessments, and penetration tests, such as prohibiting the use of internal auditors and requiring covered entities retain external auditors. Many public commenters took issue with these proposals; in response, the Department expanded the pool of eligible auditors and experts to include internal personnel and reduced the rigidity of timetables for certain obligations. Under the Second Amended Cybersecurity Regulation:

An “independent” audit is one conducted by internal or external auditors, who are free to make their own decisions and are not influenced by the covered entity or its owners, managers, or employees;
Class A companies must re-review and update their risk assessments at least annually, and whenever changes to their business or technology result in a “material change” to the cyber risk they face;[1] and
Penetration testing of information systems must be performed annually by qualified internal or external “parties” (not necessarily by “experts,” as contemplated in the Proposed Second Amendment).

In addition, the Second Amended Cybersecurity Regulation includes a new requirement that risk assessments must “inform the design” of the cybersecurity program and enable adjustments in controls to address evolving cybersecurity and privacy risks. This includes general risks and those particular to the covered entity’s business operations.

Incident Notification Obligations

Covered entities should take note of the growing number and increased sophistication of cybersecurity events in recent years. In an effort to combat these threats, NYDFS established a new 24-hour notification obligation in the event a covered entity makes a ransom payment, and a 30-day window for covered entities to provide a written description of why the payment was necessary, alternatives to payment that were considered, and all diligence conducted to ensure compliance with applicable rules and regulations.

NYDFS narrowed the circumstances for which covered entities would have to provide NYDFS with notice by differentiating between “cybersecurity events” and “cybersecurity incidents.” Under the Second Amended Cybersecurity Regulation, entities must notify NYDFS only where the covered entity has determined that there is an incident at the covered entity, its affiliate, or a third-party service provider that: (i) impacts the covered entity and has triggered the notification requirement of another governmental body, self-regulatory agency, or other supervisory body; (ii) has a reasonable likelihood of materially harming normal operations of the covered entity; or (iii) results in the deployment of ransomware within a material part of the covered entity’s information systems.

NYDFS considered, but did not adopt, a requirement that entities notify the Department of any incident involving unauthorized access to a “privileged account,”[2] acknowledging that such an overbroad requirement would likely lead to overreporting and the inefficient use of resources.

Compliance Timeline

In general, entities have 180 days, or until April 29, 2024, to comply with the Second Amended Cybersecurity Regulation. However, several provisions have different specified transitional periods that override this general timeline:

Incident reporting requirements take effect 30 days after the effective date of the Second Amended Cybersecurity Regulation, or December 1, 2023.
Governance, encryption, incident response plan and business continuity management, and the limited exemption provisions take effect one year after the effective date of the Second Amended Cybersecurity Regulation, or November 1, 2024.
Vulnerability scanning, access privileges and management, and monitoring and training provisions take effect 18 months after the effective date of the Second Amended Cybersecurity Regulation, or May 1, 2025.
Multifactor authentication and asset management and data retention provisions take effect two years after the effective date of the Second Amended Cybersecurity Regulation, or November 1, 2025.

Looking Ahead

The proliferation of artificial intelligence (“AI”), generative AI, and large language models is on NYDFS’s radar[3] and may receive attention in a forthcoming round of amendments. Although NYDFS declined to dedicate a section of the Cybersecurity Regulation to these rapidly expanding technologies, it cautioned covered entities that cybersecurity risks associated with AI are “concerning” and should be taken into account in risk assessments and addressed in cybersecurity programs.[4]

The Second Amended Cybersecurity Regulation signals a significant shift in the cybersecurity regulatory landscape, reflecting NYDFS’s proactive efforts to empower covered entities to protect themselves against escalating threats of sophisticated and frequent cyber events. Organizations should assess their cybersecurity policies and practices to ensure that adequate controls, resources, and personnel are in place to comply with NYDFS’s regulatory changes.

__________

[1] NYDFS did not adopt its proposed requirement that external experts conduct risk assessments at least once every three years.

[2] Privileged account means “any authorized user account or service account that can be used to perform security-relevant functions that ordinary users are not authorized to perform, including but not limited to the ability to add, change or remove other accounts, or make configuration changes to information systems.” Section 500.1(n).

[3] Assessment of Public Comments on the Revised Proposed Second Amendment to 23 NYCRR Part 500, here.

[4] Assessment of Public Comments on the Revised Proposed Second Amendment to 23 NYCRR Part 500, here.

The following Gibson Dunn lawyers assisted in preparing this alert: Alexander Southwell, Stephenie Gosnell Handler, Vivek Mohan, Sara Weed, Cassarah Chu, Anne Lonowski, and Ruby Lang.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, asouthwell@gibsondunn.com)
Matthew Benjamin – New York (+1 212.351.4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202.887.3786, dburns@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212.351.2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202.887.3640, hhogan@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415.393.8395, klinsley@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214.698.3203, knelson@gibsondunn.com)
Rosemarie T. Ring – San Francisco (+1 415.393.8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650.849.5395, bwagner@gibsondunn.com)
Sara K. Weed – Washington, D.C. (+1 202.955.8507, sweed@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415.393.8333, mwong@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213.229.7472, dwongyang@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)

Asia
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

This 60-minute webcast covers key developments to be aware of as you prepare your 2024 proxy statement, including:

Proxy season trends
Recent and upcoming SEC rulemaking
Investor and proxy advisor updates

Please join us for a discussion of these topics and questions provided by the audience.

PANELISTS:

Aaron K. Briggs is a partner in Gibson Dunn’s San Francisco, CA office, where he works in the firm’s securities regulation and corporate governance and ESG practice groups. Mr. Briggs’ practice focuses on advising public companies, with a focus on technology and life sciences companies, on a wide range of corporate governance, securities and ESG matters, including in going-public transactions. Before rejoining Gibson Dunn, Mr. Briggs served as Executive Counsel at General Electric Company. His in-house experience— which included responsibility for SEC reporting and compliance, board governance, proxy and annual meeting, investor outreach and executive compensation matters, and included driving GE’s redesign of its full suite of investor communications provides a unique insight and practical perspective on the issues that his clients face every day. Mr. Briggs is a frequent speaker on securities and ESG matters.

Julia Lapitskaya is a partner in Gibson Dunn’s New York office. She is a member of the firm’s Securities Regulation and Corporate Governance and its ESG (Environmental, Social & Governance) practices. Ms. Lapitskaya’s practice focuses on SEC, NYSE/Nasdaq and Securities Exchange Act of 1934 compliance, securities and corporate governance disclosure issues, corporate governance best practices, state corporate laws, the Dodd-Frank Act of 2010, SEC regulations, shareholder activism matters, ESG and sustainability matters and executive compensation disclosure issues, including as part of initial public offerings and spin-off transactions. Ms. Lapitskaya is a frequent author and speaker on securities law and ESG issues and is a member of the Society for Corporate Governance.

Based in Gibson Dunn’s Orange County office, Lauren Assaf-Holmes advises public companies across industries on a variety of ESG, compliance and related corporate law matters as a member of the firm’s Securities Regulation and Corporate Governance Practice Group. Lauren advises clients throughout the year on financial reporting and compliance matters in connection with Securities and Exchange Act reporting (including Section 16 and Schedule 13G/D reports), as well as beginning or expanding ESG-related reporting. She has contributed to the publication Legal Risks and ESG Disclosures: What Corporate Secretaries Should Know and presents on these and related topics.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

Gibson Dunn represented JPMorgan as dealer manager in connection with Perrigo’s tender offer for up to $300 million of its outstanding 3.9% senior notes due 2024. Gibson Dunn also represented JPMorgan as Administrative Agent and as a lead arranger in connection with Perrigo’s $300 million incremental term loan, the proceeds of which were used to finance the tender offer.

The Gibson Dunn team was led by Doug Horowitz, with Alex Plaia and Melody Karmana on the incremental term loan and Harris Quraishi on the tender offer.

Gibson, Dunn & Crutcher LLP acted for The Kingdom of Saudi Arabia in connection with a US$ 11,000,000,000 Senior Unsecured Term Loan Credit Facility coordinated and arranged by Industrial and Commercial Bank of China Limited, Dubai (DIFC) Branch. It is the largest loan in EMEA in 2023.

The Gibson Dunn team was comprised of partners Mahmoud Abdel-Baky, Laleh Shahabi and associate attorney, Galadia Constantinou.

Last month, Gibson Dunn announced the opening of its Riyadh office with a team that included seven partners, each of whom has extensive experience working with clients in Saudi Arabia. The firm has significantly expanded its presence in the Gulf in the last 12 months, adding 14 new partners and 19 new associates, the largest investment made in the region by any international firm during this time.

With ongoing volatility due to the conflict in the Middle East, the Russia-Ukraine conflict, and other global developments and trends, companies have been navigating a complex 2023 capital raising market. Join partners of Gibson Dunn’s Capital Markets and Securities Regulation and Corporate Governance practice groups, as they provide an overview of market activity in 2023 and how companies have reacted to the market impact of these developments. This webcast also discusses thoughts on 2024 capital raising and the key issues and opportunities that may impact companies considering capital raise transactions in the next year.

PANELISTS:

Andrew L. Fabens is a partner and serves as co-partner in charge of the New York office, co-chair of Gibson Dunn’s Capital Markets Practice Group and is a member of Gibson Dunn’s Securities Regulation and Corporate Governance Practice Group. Mr. Fabens advises companies on long-term and strategic capital planning, disclosure and reporting obligations under U.S. federal securities laws, corporate governance issues and stock exchange listing obligations. He represents issuers and underwriters in public and private corporate finance transactions, both in the United States and internationally. His experience encompasses initial public offerings, follow-on equity offerings, investment grade, high-yield and convertible debt offerings and offerings of preferred, hybrid and derivative securities. In addition, he regularly advises companies and investment banks on corporate and securities law issues, including M&A financing, spinoff transactions and liability management programs.

Robert D. Giannattasio is a partner (effective January 1, 2024) in the New York office of Gibson, Dunn & Crutcher and practices in Gibson Dunn’s Capital Markets Practice Group, Securities Regulation and Corporate Governance Practice Group and Global Finance Practice Group. He has a broad corporate and capital markets practice representing issuers and underwriters on a variety of public and private debt and equity offerings, including acquisition financings, investment-grade and high-yield debt offerings, IPOs and follow-on equity offerings and liability management transactions. Robert has led a number of complex cross-border transactions and regularly advises companies on securities law and corporate governance matters, SEC reporting and disclosure issues.

Thomas J. Kim is a partner in the Washington D.C. office of Gibson, Dunn & Crutcher, LLP, where he is a member of the firm’s Securities Regulation and Corporate Governance Practice Group. Mr. Kim focuses his practice on a broad range of SEC disclosure and regulatory matters, including capital raising and tender offer transactions and shareholder activist situations, as well as corporate governance, environmental social governance and compliance issues. He also advises clients on SEC enforcement investigations – as well as boards of directors and independent board committees on internal investigations – involving disclosure, registration, corporate governance and auditor independence issues. Mr. Kim has extensive experience handling regulatory matters for companies with the SEC, including obtaining no-action and exemptive relief, interpretive guidance and waivers, and responding to disclosures and financial statement reviews by the Division of Corporation Finance. Mr. Kim served at the SEC for six years as the Chief Counsel and Associate Director of the Division of Corporation Finance, and for one year as Counsel to the Chairman.

Ben McNulty is an Executive Director in J.P. Morgan’s Debt Capital Markets group. His clients primarily include investment grade public companies in the TMT industry. He has advised on complex debt offerings, liability management exercises, loan syndications and general capital structure advisory.

Alice Takhtajan is a Managing Director in J.P. Morgan’s Equity Capital Markets group.

We are pleased to provide you with the next edition of Gibson Dunn’s digital assets regular update. This update covers recent legal news regarding all types of digital assets, including cryptocurrencies, stablecoins, CBDCs, and NFTs, as well as other blockchain and Web3 technologies. Thank you for your interest.

ENFORCEMENT ACTIONS

UNITED STATES

DOJ, CFTC, Treasury, and Binance, CZ Reach Settlement
On November 21, Binance, the largest cryptocurrency exchange in the world, reached a settlement with the U.S. Department of Justice (DOJ), the Commodity Futures Trading Commission (CFTC), the U.S. Department of Treasury’s Office of Foreign Asset Control (OFAC) and Financial Crimes Enforcement Network (FinCEN), to resolve a multi-year investigation by the agencies and a civil suit brought by the CFTC. Attorney General Merrick Garland, Treasury Secretary Janet Yellen, and CFTC Commissioner Rostin Benham announced the multi-agency resolutions in a press conference. As part of the settlement, Binance agreed to pay $4.3 billion across the four agencies and pleaded guilty to conspiracy to conduct an unlicensed money transmitting business and violation of the International Emergency Economic Powers Act. The plea agreement requires Binance to engage in remedial compliance measures over a three-year probationary term and imposes an Independent Compliance Monitor, in addition to requiring the payment of fines and forfeitures. Concurrent with the company’s settlement, Binance’s founder Changpeng Zhao also pleaded guilty to one count of failing to maintain an effective AML program. NBC; CNN; ABC; Law360; CNBC; C-SPAN.
SEC Sues Kraken Cryptocurrency Exchange
On November 20, the SEC sued Kraken, the world’s third-largest crypto asset exchange, alleging that it operates as an unregistered securities exchange, broker, dealer, and clearing agency. The complaint’s allegations track those made in complaints against other crypto exchanges. The SEC’s complaint, filed in federal district court in San Francisco, seeks injunctive relief, disgorgement of ill-gotten gains plus interest, and penalties. SEC; Reuters; Fortune.
DOJ Seizes Millions of Dollars of Tether
On November 21, the Department of Justice seized $9 million worth of Tether (USDT), a U.S. dollar stablecoin, from accounts associated with “pig butchering” scams. These schemes involve scammers developing fake romantic relationships with victims, convincing them to transfer digital assets into fake exchanges before stealing the assets. Tether Limited, which manages Tether, had earlier frozen $225 million worth of USDT in accounts connected to these scams, from which the $9 million was seized. The operation was a collaboration between the Department of Justice, the U.S. Secret Service, and Tether Limited. CryptoNews; DOJ; Law360; CNBC.
SEC’s Crypto Enforcement Increases in 2023
The SEC announced their enforcement results for fiscal year 2023 which marked the third consecutive year that enforcement activity had increased since Chair Gary Gensler became head of the agency. While investment adviser cases, insider trading, and individual accountability cases saw a decrease in the 2023 fiscal year, cryptocurrency cases increased from 18 in fiscal year 2022 to 44 in fiscal year 2023. The SEC said it will continue to prioritize violations involving crypto in 2024. Law360.

INTERNATIONAL

Feds Seize and Sanction Sinbad, a North Korean-Linked Crypto Mixer
On November 29, Sinbad, a company that makes crypto transactions anonymous, was sanctioned by the U.S. Department of Treasury. Authorities have alleged that Sinbad washed millions of dollars of stolen cryptocurrency for North Korean state-backed hackers the Lazarus Group following high-profile digital heists. Sinbad is the third crypto mixer to face U.S. sanctions since 2022. Last month, the Financial Crimes Enforcement Network proposed rules to reclassify companies like Sinbad to bring them under its jurisdiction, which could require mixers to report some transactions to the federal government. Law360.
Montenegro Court Approves Extradition of “Cryptocurrency King” Do Kwon
On November 24, 2023, the High Court in Podgorica, Montenegro approved the extradition of Terraform Labs co-founder Do Hyeong Kwon to the United States or South Korea to face charges related to the collapse of stablecoin Terra USD. In February of this year, the U.S. Securities and Exchange Commission charged Kwon with orchestrating a multi-billion dollar crypto asset securities fraud. This followed South Korea’s issuance of a warrant for Kwon’s arrest in September of last year. Kwon agreed to be extradited to South Korea after serving a four-month sentence in Montenegro for document forgery. Montenegro’s justice minister will issue a final decision approving or denying extradition at the expiration of Kwon’s sentence. Reuters; Financial Times.

REGULATION AND LEGISLATION

UNITED STATES

New York State Announces New Crypto Regulations
On November 15, the New York State Department of Financial Services (NYDFS) unveiled new restrictions on crypto companies under the New York Financial Services Law. The restrictions require companies to submit for pre-approval policies regarding the listing and delisting of cryptocurrency coins. The submitted policies must include provisions on governance, risk assessment, monitoring, de-listing process, and execution. The new restrictions apply to digital currency businesses licensed under New York law and to limited purpose trusts under New York banking law. Covered businesses must meet with NYDFS by December 8 to discuss draft policies, and must submit final policies by January 31, 2024. Cointelegraph; N.Y. Dep’t Fin. Servs.
CFPB Proposes Rule to Supervise Nonbank Companies Offering Digital Wallets and Payment Apps
On November 7, the Consumer Financial Protection Bureau (CFPB) issued a proposed rule to supervise certain nonbank companies that offer services such as digital wallets and payment apps. The proposed rule would apply to nonbank payments companies providing general-use digital consumer payment applications that process more than five million consumer payment transactions per year and are not a “small business concern” as defined under the Small Business Act. The proposed rule defines “consumer payment transactions” as “the transfer of funds by or on behalf of a consumer physically located in a State to another person primarily for personal, family, or household purposes,” though it excludes certain transactions (including international money transfers). And it further asserts that “funds” include cryptocurrencies. The comment period for the proposed rule closes on January 8, 2024. CFPB.
Officials’ Questions at Hearing Suggest Further Tax Proposal Revisions to Come Following Crypto Industry’s Criticism
The IRS held a hearing on November 13 regarding its proposed crypto tax reporting rule, which has been heavily criticized by the crypto industry. The proposed rule would set forth reporting requirements and applicable definitions for digital asset brokers. At the hearing, IRS officials asked questions to clarify the criticism regarding the proposal’s wide definition of “brokers,” which as of now includes decentralized finance (DeFi) projects and wallet software. Industry representatives explained that there is no specific person that controls software used in DeFi and that it is therefore impractical to collect the information that would be required to be reported under the IRS’s proposal. In addition, the IRS asked questions relating to potentially excluding the stablecoin-reporting requirement. The industry has argued that the government should not track these transactions as taxable exchanges of assets. Furthermore, the IRS inquired about data privacy risks for consumers as a result of the proposed regulations. CoinDesk; Reuters.
Key Cryptocurrency Legislation Likely Delayed to 2024, Lawmakers Say
In recent months, legislators in Congress have introduced a series of bills to modernize the legal framework governing cryptocurrencies. These include the Financial Innovation and Technology for the 21st Century Act, introduced by Congressman French Hill (R-Ark.), Congressman Dusty Johnson (R-S.D.) and Congressman Glenn G.T. Thompson (R-Pa.) and the Clarity for Payment Stablecoins Act of 2023, introduced by Congressman Patrick McHenry (R-N.C.). Efforts to advance those bills had been sidelined as a leadership dispute roiled the House of Representatives following the ouster of Congressman Kevin McCarthy (R-CA) as Speaker of the House. Key proponents of the legislation have indicated that further progress on the bills is unlikely until at least early-2024. CoinDesk; CNBC.
FASB Says Cryptocurrencies to Be Measured at Fair Value
On December 13, 2023, the Financial Accounting Standards Board (FASB) promulgated new standards governing accounting for digital assets. Under the new standards, companies that hold bitcoin or ether will be required to record their holdings at fair value. The standards do not cover non-fungible tokens, stablecoins, and issuer-created tokens. Previous rules had required companies to record assets at their low values, which some had criticized as artificially depressing the reported value of cryptocurrency holdings due to temporary downturns in price. The FASB accounting standards will take effect after December 15, 2024, but companies may voluntarily adopt them sooner. Bloomberg; CoinDesk.

INTERNATIONAL

Hong Kong’s SFC Updates Guidance on Tokenized Securities-Related ActivitiesOn November 2, Hong Kong’s Securities and Futures Commission (SFC) published two circulars providing updated guidance to intermediaries engaging in tokenized securities-related activities and on the tokenization of SFC-authorized investment products. The SFC now considers tokenized securities to be traditional financial instruments that are securities which utilize blockchain (or similar) technology in their security lifecycle. This updated characterization supersedes the SFC’s previous March 2019 statement characterizing tokenized securities as complex products requiring extra investment protection measures and restricting their offering to professional investors. A detailed breakdown of the circulars is available in Gibson Dunn’s November 10, 2023 Client Alert. Gibson Dunn.
European Banking Authority Launches Public Consultation on Crypto Money Laundering
On November 24, the European Banking Authority initiated a public consultation program to gather opinions on “new Guidelines on preventing the abuse of funds and certain crypto-assets transfers for money laundering and terrorist financing purposes.” The proposed Guidelines set out procedures that payment service providers and crypto asset service provides must follow to “detect missing or incomplete information that accompanies a transfer of funds or crypto-assets” and to manage transfers ordered with less than complete information. The Authority will take comments on its published consultation paper until February 26, 2024, and will hold a virtual public hearing on the Guidelines on January 17, 2024. EBA 1; EBA 2.
Monetary Authority of Singapore Finalizes New Crypto Regulations
On November 23, the Monetary Authority of Singapore (MAS) issued a response to feedback on its proposed regulation of crypto service providers. In an effort to combat the encouragement of crypto speculation, with regard to retail persons, the regulation prohibits crypto service providers from financing crypto transactions, permitting margin transactions, or providing incentives to trade. Providers are barred from accepting locally issued credit card payments, and must assess customers’ risk awareness before permitting trading. The regulation also relaxes requirements for qualifying as an accredited investor by allowing a certain quantity of crypto assets to count toward the net-worth calculation. The MAS previously issued responses to feedback in July when it promulgated regulations requiring providers to deposit customer assets in a statutory trust for safekeeping and restricting providers from lending and staking cryptocurrency to retail investors. The rules will take effect in phases, beginning in mid-2024. CoinDesk; MAS 1; MAS 2; MAS 3.
Countries Announce Intent to Implement the OECD’s Crypto Reporting Framework
The Organization for Economic Cooperation and Development (OECD) released the Crypto-Asset Reporting Framework (CARF) in October 2022, which focused on ensuring crypto-assets are not used for illicit purposes such as tax evasion. This month, 48 jurisdictions, including the U.S., U.K., France, Spain, Germany, Canada, and Japan, announced their intent to implement the CARF by 2027. Erika Nijenhuis, a U.S. Department of Treasury official, said earlier that regulations to implement the CARF were in process and that the Treasury can require reporting for much of what the CARF covers. Law360.
U.K.’s Financial Conduct Authority Licenses Crypto.com As Electronic Money Institution
On December 4, the U.K.’s Financial Conduct Authority granted crypto exchange Crypto.com a license to operate in the country as an Electronic Money Institution. Crypto.com plans to use the license to “offer a suite of UK-localised e-money products,” according to a press release. Since August 2022, the firm has held the status of a registered crypto-asset business in the U.K., but the new license will enable it to provide cash placements and withdrawals from payment accounts; to execute payment transactions; to issue payment instruments; to remit money; and to issue electronic money. Conversely, the license restricts Crypto.com from hiring agents or using distributors and from providing payment services unrelated to those licensed. Other crypto exchanges hold similar licenses in the U.K. CoinDesk; Crypto.com; Financial Conduct Authority; Crypto.news.
South Korea Proposes New Consumer Protection Rules for Cryptocurrency
In June of this year, South Korea’s lawmakers approved the Virtual Asset User Protection Act, which defined digital assets and imposes penalties for trading such assets on nonpublic information, manipulating markets, or otherwise engaging in unfair trading practices. The legislation also gave South Korea’s Financial Services Commission power to oversee cryptocurrency firms and asset custodians. On December 11, 2023, the country’s Financial Services Commission promulgated comprehensive regulations to effectuate the new law. The proposed rules (a) broaden the range of covered tokens, (b) prescribe standards for custodying digital assets, (c) require virtual asset service providers (VASPs) to store 80% or more of customer assets in cold wallets, (d) mandate certain insurance and reserve baselines to prevent catastrophic losses in the event of hacking or technological failures, (e) specify when nonpublic information becomes public, (f) limit when VASPs may block customer deposits and withdrawals, and (g) require VASPs to monitor abnormal transaction activity. Bloomberg; CoinDesk; S.K. Financial Services Commission.
Regulators Approve El Salvador’s “Bitcoin Bonds”
In January 2023, El Salvador’s lawmakers approved a bill authorizing the issuance of sovereign “Bitcoin bonds.” El Salvador’s National Bitcoin Office (ONBTC) announced on Monday that the country’s Digital Assets Commission had approved issuing the bonds, known colloquially as the “Volcano Bond” – a reference to geo-thermal energy sources used to support the country’s mining operations. According to ONBTC, the bonds are expected to issue in the first quarter of 2024 on the Bitfinex Securities Platform, a registered trading site for blockchain-based assets in El Salvador. Cointelegraph; Yahoo.

CIVIL LITIGATION

UNITED STATES

Celsius Network Faces Roadblock in Pivot to Bitcoin Mining After Winning Initial Ch. 11 Plan Approval
On November 30, Chief Judge Martin Glenn of the U.S. Bankruptcy Court for the Southern District of New York said that Celsius Network, the bankrupt cryptocurrency investment platform, may have to seek a new creditor vote on its proposed transformation into a bitcoin mining business. This development comes just days after Judge Glenn signed an order confirming the initial Chapter 11 plan of Celsius. Under that plan, crypto consortium Fahrenheit LLC would acquire Celsius’ assets and focus on mining new bitcoin and on earning “staking” fees by validating blockchain transactions. Customers who had Celsius accounts at the time of the bankruptcy would receive pro rata distributions of the company’s remaining cryptocurrency and preserve their right to pursue claims against parties accused of manipulating the price of Celsius’ tokens prior to the bankruptcy.However, Celsius scaled back its post-bankruptcy business plans to focus only on bitcoin mining after receiving feedback from the SEC. Although the SEC did not explicitly oppose Celsius’ bankruptcy plan before it was approved, Celsius claims that the SEC is unwilling to approve crypto lending and staking activity. Judge Glenn expressed frustration with the late pivot, saying that he had been a “broken record” about Celsius’ need to reach agreement with the SEC. Law360; Reuters.
Genesis, Digital Currency Group Reach Agreement on New Settlement Plan
A recent bankruptcy filing revealed that Genesis Global and its parent company, Digital Currency Group (DCG), have agreed on a repayment plan to settle their lawsuit. In September 2023, Genesis sued DCG seeking repayment of over $600 million in loans. The settlement plan shows that DCG has already settled roughly $227.3 million of its debt to Genesis and lays out a plan for an additional $275 million to be paid by April 2024 using a combination of U.S. dollars and bitcoin. The settlement also includes other consideration. CryptoSlate.
Genesis Sues Gemini to Recover ‘Preferential Transfers’ Worth $689M
On November 21, Genesis Global, a crypto lender, sued cryptocurrency exchange Gemini Trust Co, for allegedly making preferential transfers of approximately $689 million. Genesis filed for bankruptcy in January 2023. Genesis alleges that, before the bankruptcy filing, Gemini made “unprecedented withdrawals” that contributed to a “run on the bank.” Gemini has stated that the claims are “baseless and inflammatory.” Reuters; CoinDesk.
FTX Says IRS Tax Estimate Is $24 Billion Too High
On November 29, FTX asked a Delaware bankruptcy judge to set its tax bill at $0 claiming that the IRS is estimating $24 billion in claims without evidence. Given its collapse in November 2022, FTX is arguing that it has no tax liability. FTX expects to seek votes for its Chapter 11 plan in March and asked for a hearing with the IRS in February to resolve this issue beforehand as it has the potential to derail these Chapter 11 cases. After the IRS began an audit of FTX’s taxes, it had originally estimated claims at $44 billion before being revised in November to $24 billion. FTX is concerned that these claims could halt plan confirmation and indefinitely delay distributions on allowed claims to customers and creditors. Law360.

INTERNATIONAL

FTX Investors Sue MLB, F1 Team Over Crypto Promotions
On November 27, FTX investors filed three class action suits in Florida federal court against Major League Baseball, Mercedes-Benz’s Formula One race team, and media companies Wasserman Media Group LLC and Dentsu McGarry Bowen LLC for promoting FTX. The investors claim that all the organizations failed to conduct adequate due diligence on FTX and “aided and abetted FTX’s deceptive marketing practices.” Further, the suits allege that the organizations had a pivotal role in deceiving the public through their promotion of FTX. Law360.

SPEAKER’S CORNER

UNITED STATES

Presidential Candidate Vivek Ramaswamy Shares Crypto Plan
On November 16, Republican presidential candidate Vivek Ramaswamy shared his plan for regulating digital assets. Ramaswamy advocated for classifying most cryptocurrencies as commodities rather than securities, and has been critical of SEC Chair Gary Gensler’s unwillingness to share how he thinks ether should be classified. Ramaswamy also shared that his administration would not target software developers just for writing code and would leave unhosted wallets unregulated. Fellow GOP candidate Ron DeSantis also has pledged to “defend the right of Americans to hold digital assets without government interference.” CoinDesk; Washington Examiner.

INTERNATIONAL

Singapore to Pilot Use of Wholesale Central Bank Digital Currencies in 2024
On November 16, Ravi Menon, Managing Director of the Monetary Authority of Singapore (MAS), announced Singapore’s plan to pilot the live issuance and use of wholesale central bank digital currencies (CBDCs) in 2024. Previously, the MAS had only simulated the issuance of wholesale CBDCs within test environments. The MAS will soon partner with local banks to pilot the use of wholesale CBDCs as a common settlement asset in domestic payments. Banks will have the ability to issue tokenized bank liabilities that represent claims on their balance sheets. Retail customers can utilize these tokenized bank liabilities in transactions with merchants who, in turn, can credit these liabilities with their respective banks. MAS; CNBC.
IMF Says Central Bank Digital Currencies Can Replace Cash
On November 15, Kristalina Georgieva, Managing Director of the International Monetary Fund (IMF), said that central bank digital currencies (CBDCs) have the potential to replace cash in island economies where the distribution of physical currency is costly. Georgieva encouraged the public sector to prepare for the deployment of CBDCs and related payment platforms in the future, noting that such technologies could potentially improve financial inclusion and financial literacy. Georgieva noted that the success of CBDCs will ultimately rely on policy decisions, how technologies evolve, personal privacy and data security, and how the private sector responds. The IMF has said that more than 100 countries are exploring CBDCs, with countries such as Jamaica, Nigeria, and the Bahamas having already issued retail CBDCs. CNBC.

OTHER NOTABLE NEWS

Gibson Dunn Debuts Fintech and Digital Assets Practice
On November 13, Gibson, Dunn & Crutcher LLP announced its fintech and digital assets practice group. The practice group consists of 40 attorneys and is co-chaired by three Washington, D.C. partners, M. Kendall Day, Jeffrey Steiner, and Sara Weed. These attorneys will “advise traditional and emerging companies on the most complex investigations and enforcement actions brought by regulators in critical markets in the United States, Europe, and Asia.” Working alongside their colleagues in other practice areas like artificial intelligence, financial institutions, data innovation, public policy, privacy and cybersecurity and many others, the fintech and digital assets practice group aims to handle a broad range of “regulatory, policy and supervision and enforcement situations involving fintech, digital assets and blockchain technology” that will enable their clients to seamlessly accelerate their growth worldwide. Gibson Dunn.
Argentina Elects Pro-Bitcoin President Javier Milei
On November 19, Argentina elected Javier Milei as its new president. Milei is known for his anti-central banking stance, criticizing the central bank for “cheating” Argentinians through inflationary tax and even proposing the elimination of the Central Bank of Argentina. As Argentina struggles with triple-digit rates of inflation, Milei sees bitcoin as “the natural reaction against central bank scammers; to make money private again.” While Milei has not proposed making bitcoin legal tender in Argentina, as it is in El Salvador, he plans to dollarize the Argentine economy to combat the country’s inflation issues. Despite his strong views on bitcoin and cryptocurrency, it remains unclear how Milei’s administration will integrate crypto into national economic policies. Blockworks

The following Gibson Dunn attorneys contributed to this issue: Jason Cabral, M. Kendall Day, Chris Jones, Jay Minga, Nick Harper, Grace Feitshans, Justin Fishman, Kameron Mitchell, Michelle Lou, and Edward Ferguson.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s FinTech and Digital Assets practice group, or the following:

FinTech and Digital Assets Group:

Ashlie Beringer, Palo Alto (650.849.5327, aberinger@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Ella Alves Capone, Washington, D.C. (202.887.3511, ecapone@gibsondunn.com)

Grace Chong, Singapore (+65 6507 3608, gchong@gibsondunn.com)

M. Kendall Day, Washington, D.C. (202.955.8220, kday@gibsondunn.com)

Michael J. Desmond, Los Angeles/Washington, D.C. (213.229.7531, mdesmond@gibsondunn.com)

Sébastien Evrard, Hong Kong (+852 2214 3798, sevrard@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)

Martin A. Hewett, Washington, D.C. (202.955.8207, mhewett@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Stewart McDowell, San Francisco (415.393.8322, smcdowell@gibsondunn.com)

Mark K. Schonfeld, New York (212.351.2433, mschonfeld@gibsondunn.com)

Orin Snyder, New York (212.351.2400, osnyder@gibsondunn.com)

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Eric D. Vandevelde, Los Angeles (213.229.7186, evandevelde@gibsondunn.com)

Benjamin Wagner, Palo Alto (650.849.5395, bwagner@gibsondunn.com)

Sara K. Weed, Washington, D.C. (202.955.8507, sweed@gibsondunn.com)

The agreement marks a watershed moment for AI regulation and is the most significant endorsement of so-called “comprehensive” AI regulation from a major political actor on the world stage.

I. Introduction

After almost 6 months of negotiations, in the late night and early morning hours of December 8-9, 2023, the European Commission, the Council and the Parliament reached political agreement on the provisional rules that will comprise the European Union’s Artificial Intelligence Act (the “AI Act”).[1] This agreement marks a watershed moment for AI regulation, and is the most significant endorsement of so-called “comprehensive” AI regulation from a major political actor on the world stage. The provisional agreement on the AI Act would:

Establish a broad and extraterritorial scope of application,
Prohibit certain uses of AI entirely, and
Define a broad range of other uses as “high-risk” and subject to stringent requirements.

A number of procedural steps remain before the AI Act is finalized (as summarized in more detail in Section III); however, the staggered – and relatively rapid – planned enforcement of certain provisions bears note. Provisions related to prohibited AI systems are set to become enforceable six months after the Act is finalized; and provisions related to so-called General Purpose AI (“GPAI”) become enforceable 12 months after this date. The rest of the AI Act is expected to become enforceable in 2026.

The “long arm” of the AI Act will impact a broad range of business – including, but not limited to, those that intend to provide or deploy AI systems within the EU.[2] The distinct posture of the AI Act – based in part on fundamental and human rights jurisprudence – requires companies to think differently when preparing compliance strategies:

Proactive engagement with novel regulatory measures, such as a fundamental rights impact assessment for certain AI systems, and
Reimagining and documenting strategic decision-making related to internal governance and compliance in the face of unpredictable and uncertain go-forward risks.

This alert builds on our previous alerts which analyzed the European Commission’s 2021 proposal on the AI Act, the European Council’s common position (December 2022) and European Parliament’s negotiating position (June 2023). This alert takes a closer look at some of the key areas of debate in the trilogue procedure and the political agreement that was reached.

Negotiations on the final text of the AI Act remain underway, and the final wording of the provisional agreement is not yet public. The analysis below is based on public reports and our understanding of the substance of the agreement, but this may change based on a variety of factors. Keen followers of artificial intelligence would no doubt agree a lack of forward-looking certainty is the one guarantee in this area, and that applies equally to the AI Act’s journey from initial gestation to “political agreement.”

II. From negotiation to agreement: Outcome of the trilogue procedure

a) Scope of Application

The AI Act will provide for an extra-territorial scope of application that includes obligations for providers and deployers of AI systems. This has significant consequences for businesses not established in the EU, if they place an AI system on the market or put it into service in the EU. Furthermore, the regulations apply when “outputs” produced by an AI system are (or are intended to be) used in the EU. A key issue yet to be determined relates to the scope of the “output” provisions and the extent to which the AI Act regulates activities across the AI supply chain. One example could be AI-assisted R&D that is outsourced outside Europe such that only the final product (e.g., products designed using AI that do not themselves fall within the definition of an AI system and are not, technically, “outputs” of an AI system) are marketed in the EU.

b) Definition of AI

The definition of AI, a key threshold for applicability of the AI Act, has been subject to significant change throughout the legislative process. As noted in our previous alert, what started out as an overly broad definition has been reportedly narrowed over time with the goal of ensuring that traditional computational processes and software are not inadvertently captured. While the final text of the AI Act has not yet been released, the language reportedly aligns with the definition of AI recently adopted by the OECD[3] and reflects the need to preserve the ability to adjust the definition as necessary to account for future developments in the fast-moving AI landscape. While the definition in the final text does not reflect the OECD’s definition verbatim, it reflects its main elements, i.e., objective-based output generation that is able to influence its environment with varying degrees of autonomy.[4]

c) Prohibited AI systems

The AI Act classifies AI systems by risk level (unacceptable, high, limited, and minimal or no risk). AI systems that carry “unacceptable risk” are per se prohibited. In other words, the Act adopts bright line rules as to some uses of AI systems, based on fundamental rights concerns, differently from some other flagship regulations in the EU which usually allow for exceptions based on general rules. This framework will require particular diligence on behalf of businesses when classifying their AI systems for the purposes of the Act’s risk-based approach.

While the European Commission and Council advocated for a narrower list of prohibited AI systems, the Parliament’s mandate included a longer list of prohibited AI systems, banning certain use cases entirely. The agreed AI Act prohibits, inter alia:[5]

Manipulation of human behavior to circumvent end-users’ free will;
Social scoring;
Certain applications of predictive policing;
Emotion recognition systems used in the workplace; and
Real time remote biometric identification for law enforcement purposes in publicly accessible spaces (with narrow exceptions).

The European Council resisted the full ban on real-time remote biometric identification in publicly accessible spaces proposed by the European Parliament. Instead, real-time remote biometric identification for law enforcement purposes is prohibited unless it fits within narrow exceptions, such as for uses tied to the prevention of terrorist attacks or to locate victims or suspects in connection with serious offences, such as terrorism. Under the agreed version of the AI Act, other forms of biometric identification that fall outside the scope of the prohibition (i.e., ex-post biometric identification) are considered “High-Risk” (for which, see below).

d) High-risk AI systems

High-risk AI systems, while permitted, are subject to the most stringent obligations. AI systems may fall into this category if they pose a “significant risk” to an individual’s health, safety, or fundamental rights, and are used, or intended to be used, for inter alia education, employment, critical infrastructure, public services, law enforcement, border control, and administration of justice. One new obligation for companies imposed by the AI Act will be to prepare fundamental rights impact assessments (‘FRIAs’). Determining when and how to conduct an FRIA will raise many strategic and compliance-focused questions, taking account of the nature and scope of the AI system in question. Businesses will need to take steps to engage with this obligation as soon as possible.

In response to concerns that the high-risk category may be over-inclusive, the agreed version of the AI Act adds the concept of a filter system, which provides a series of exemptions that would allow providers of AI systems to avoid the high-risk category based on self-assessments.

The European Commission is expected to develop guidelines on the application of these filters. Currently, it has been reported that the filters exempt AI systems that are (i) intended to perform a narrow procedural task; (ii) intended to review or improve the result of a previously completed human activity; (iii) purely intended to detect decision-making patterns or deviations from prior decision-making patterns to flag potential inconsistencies; or (iv) used to perform preparatory tasks for an assessment relevant to critical use cases. It is not unlikely that the operation of this filter system may cause some problems in practice and lack of legal certainty as to the scope of the exemptions.

Providers that make an assessment that their systems fall outside of the high-risk category may be obliged to provide, upon request, the results of their prior assessment as to classification to the respective national market surveillance authorities. The agreed AI Act also contemplates allowing these market surveillance authorities to carry out evaluations of AI systems where they have sufficient reason to believe they should be considered high-risk, and to impose fines where they have sufficient evidence that the AI system provider misclassified their system to avoid a high-risk classification.[6]

e) General Purpose AI (Foundation Models)

As explained in our previous alert, the Parliament’s negotiating position introduced a regime for regulating GPAI models – or foundation models – consisting of models that “are trained on broad data at scale, are designed for generality of output, and can be adapted to a wide range of distinctive tasks”.[7] Parliament also introduced certain separate testing and transparency requirements, with most of the obligations falling on any deployer that substantially modifies a GPAI system for a specific use case.

The regulation of GPAI models was heavily debated during the trilogue procedure. The final text features a tiered approach (initially proposed by the European Commission) which places more onerous obligations on GPAI models that could pose “systemic” risks. The AI Act contains a presumption categorizing models as carrying a “systemic risk” where the model was trained using computing power greater than 10^25 floating point operations (FLOPs), indicating their capabilities and amount of underlying data. The European Commission has commented that “these new obligations will be operationalized through codes of practices developed by industry, the scientific community, civil society and other stakeholders together with the Commission.”[8] The tiered approach represents a compromise between the stark opposition to any regulation of foundation models in the AI Act by some Member States, including France, Germany and Italy, and the European Parliament’s preferred approach of establishing horizontal obligations which would apply equally to all foundation models.[9]

While certain obligations will apply to GPAI models, e.g., transparency obligations relating to the training data as well as copyright safeguards or making AI-generated content recognizable, providers of foundation models that meet the “systemic risks” threshold will need to notify the Commission of their status and comply with the relevant obligations in the AI Act (similar to the notification mechanism in the EU Digital Services Act). The regime places onerous obligations on providers of foundation models that are similar to those that apply to high-risk AI systems, e.g., requirements to assess and mitigate the risks their models entail, comply with certain design, information and environmental requirements and register such models in an EU database.

f) Enforcement

The AI Act envisions a strict enforcement regime set to be overseen by national authorities designated by each EU Member State to supervise compliance within its territory as well as a centralized European Artificial Intelligence Office tasked with coordinating enforcement efforts. Notably, the AI Act does not contemplate a de-centralized system of enforcement or a “one-stop shop” as under the GDPR. However, the competent national authorities will be gathered in the European Artificial Intelligence Board to ensure consistent application of the law. The maximum fines for non-compliance with the AI Act can reach up to EUR 35 million or, if the offender is a company, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher.[10] Certain proportionate caps on fines will apply for small and medium-sized enterprises (SMEs) and start-ups.

III. Next Steps

The AI Act is an extensive and complicated piece of legislation, and its impact will be far-reaching. After the conclusion of the trilogue process, the AI Act is now subject to formal adoption by the European Parliament and the Council. Once adopted, the AI Act will be published in the Official Journal and will enter into force 20 days following publication. However, the AI Act will not become fully enforceable until two years after its entry into force—likely in 2026—with some exceptions for specific provisions such as prohibited AI systems and AI systems classified as GPAI, which will be applicable after 6 and 12 months, respectively.

Now that political agreement has been reached, companies should be proactively engaging with the provisions of the AI Act and making preparations to ensure compliance by the applicable deadlines.

__________

[1] Council of the EU, Artificial intelligence act: Council and Parliament strike a deal on the first rules for AI in the world, press release of 9 December 2023, available here.

[2] The scope of some of the broadest jurisdictional hooks, including governing companies that are responsible for generating output from AI tools that have effect in the Union, remains to be seen.

[3] See, Luca Bertuzzi, Euractiv, OECD updates definition of Artificial Intelligence ‘to inform EU’s AI Act’, Article of 9 November 2023, available here.

[4] See, Luca Bertuzzi, Euractiv, AI Act: EU policymakers nail down rules on AI models, butt heads on law enforcement, Article of 9 December 2023, available here.

[5] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

[6] See, Luca Bertuzzi, Euractiv, AI Act: Leading MEPs revise high-risk classification, ignoring negative legal opinion, Article of 10 November 2023, available here.

[7] European Parliament’s compromise proposal, Art. 3(1c), available here.

[8] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

[9] See, Luca Bertuzzi, Euractiv, EU’s AI Act negotiations hit the brakes over foundation models, Article of 10 November 2023, available here.

[10] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

The following Gibson Dunn attorneys assisted in preparing this update: Vivek Mohan, Robert Spano, Kai Gesing, Joel Harrison, Christian Riis-Madsen, Nicholas Banasevic, Stéphane Frank, Frances Waldmann, Leon Freyermuth, Christoph Jacob, Jonas Jousma, Yannick Oberacker, Ciara O’Gara, Tine Rasmussen, and Hayley Smith.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any of the leaders and members of the firm’s Artificial Intelligence or Privacy, Cybersecurity & Data Innovation practice groups, or the following authors:

Stéphane Frank – Brussels (+32 2 554 72 07, sfrank@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4902, rspano@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213.229.7914, fwaldmann@gibsondunn.com)

Artificial Intelligence:
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Vivek Mohan – Co-Chair, Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Robert Spano – Co-Chair, London/Paris (+44 20 7071 4902, rspano@gibsondunn.com)
Eric D. Vandevelde – Co-Chair, Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)

Privacy, Cybersecurity and Data Innovation:
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, asouthwell@gibsondunn.com)

Gibson Dunn has formed a Workplace DEI Task Force, bringing to bear the Firm’s experience in employment, appellate and Constitutional law, DEI programs, securities and corporate governance, and government contracts to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On December 6, 2023, Fearless Fund (represented by Gibson Dunn) filed its merits brief in Am. Alliance for Equal Rights v. Fearless Fund Mgmt., LLC, No. 23-13138 (11th Cir. 2023). The brief is available here. Fearless Fund is a Black women-owned venture capital firm with a “Fearless Strivers” charitable grant program that provides $20,000 grants to Black female entrepreneurs as part of its mission to raise awareness about inequities in access to capital. AAER sued Fearless Fund in August 2023, claiming the program violates Section 1981 and seeking a preliminary injunction preventing Fearless Fund from awarding the grants. The district court denied the plaintiff’s motion for a preliminary injunction, but on September 30, 2023, the Eleventh Circuit temporarily enjoined the program pending appeal. AAER filed its merits brief on November 6, 2023. Its reply brief is due on January 3, 2024. Oral argument is scheduled for January 31, 2024.

On December 6, 2023, the U.S. Supreme Court heard oral arguments in Muldrow v. City of St. Louis, a case that presents potentially sweeping implications for workplace discrimination claims. The question before the Court is whether Title VII prohibits discrimination in transfer decisions if the transfer did not create a significant disadvantage for the employee, such as diminished earnings, benefits, or future career prospects. The plaintiff argued that all job-transfer decisions based on a protected characteristic violate Title VII regardless of whether an employee suffers any additional harm, an argument to which a number of Justices appeared sympathetic. The defendant argued that an employee must experience a materially adverse employment action—beyond the transfer decision itself—for the action to be cognizable under Title VII. Depending on its scope, a finding by the Court that the lateral transfer in this case was an actionable change in the “terms, conditions and privileges of employment” could significantly expand the range of employment actions subject to Title VII. An expanded definition of “terms, conditions and privileges of employment” could raise questions, for example, about whether workplace DEI programs that do not constitute tangible employment actions like promotions could nevertheless be actionable under Title VII if they provide differential treatment based on race or gender.

On November 28, 2023, America First Legal (“AFL”), on behalf of Target shareholders, filed an amended complaint in its lawsuit against Target Corporation and certain of its officers. Plaintiffs allege that the Target board depressed Target’s stock price by falsely representing that it was monitoring social and political risks to the company, when it was, in fact, only focused on risks associated with not achieving ESG and DEI goals. The original complaint alleged violations of Sections 10(b) and 14(a) of the Securities Exchange Act of 1934. The amended complaint adds a claim under Section 20(a) of the Exchange Act based on the company’s 2023 Pride Month collection. The amended complaint also adds four new plaintiffs. Responsive pleadings are due on January 26, 2024.

On December 4, 2023, the Sixth Circuit issued a decision in Ames v. Ohio Department of Youth Services, No. 23-3341 (6th Cir. Dec. 4, 2023), calling attention to a circuit split relating to a plaintiff’s burden of proof in Title VII “reverse-discrimination” cases. In affirming the district court’s decision granting summary judgment for the Department, the court relied on Sixth Circuit precedent that requires plaintiffs in reverse-discrimination cases to make an additional showing that “background circumstances . . . support the suspicion that the defendant is that unusual employer who discriminates against the majority.” In a concurring opinion, Judge Raymond M. Kethledge took issue with the background circumstances rule, noting that the rule goes against the express language of Title VII because it imposes different burdens on different plaintiffs based on their membership in different demographic groups. The Sixth, Seventh, Eighth, Tenth, and D.C. Circuits have adopted the background circumstances rule, while the Third and Eleventh Circuits have expressly rejected it. Judge Kethledge predicted that the Supreme Court will resolve the circuit split and review the validity of the background circumstances rule.

With the 2024 proxy season approaching for many publicly traded companies, special interest investors with viewpoints that span the political spectrum continue to use the shareholder proposal process set forth in Securities and Exchange Commission (SEC) Rule 14a-8 to advance their particular pro- or anti-DEI agendas. As we reported on here, shareholder proposals focused on nondiscrimination and diversity issues were the fourth most popular proposals submitted during the 2023 proxy season. These proposals largely focused on requesting racial equity or civil rights audits, reports on DEI efforts, and analyses of gender and racial pay equity. Companies also received shareholder proposals from ESG skeptics like the National Legal and Policy Center and the National Center for Public Policy Research. These proposals asked that companies roll back plans to undertake a racial equity audit, conduct a cost/benefit analysis of DEI programs and conduct a “return to merit” audit where the supporting statements focused on concerns about potential discrimination against “non-diverse” employees or discrimination based on religious and political views. DEI-related shareholder proposals submitted for 2024 annual meetings to date are similar, including shareholder proposals requesting reports on corporate DEI programs and on any risks associated with potential discrimination against conservative viewpoints or ideologies.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

The Washington Post, “Conservatives are suing law firms over diversity efforts. It’s working.” (December 9): The Post’s Julian Mark and Taylor Telford summarize the efforts of Edward Blum’s conservative advocacy group American Alliance for Equal Rights, which has sued or sent threat letters to at least seven law firms challenging their diversity recruitment programs. At least three of these firms changed their diversity fellowship eligibility criteria. Blum noted that “it is likely that other corporate entities with similar racially discriminatory policies will be sued in the coming weeks.” Professor Kenji Yoshino was quoted extensively and offered alternative paths to achieving DEI goals in this new legal landscape.
Bloomberg Law, “Blum Says He’s Done Suing Law Firms as Winston Yields on DEI.” (December 6, 2023): Bloomberg Law’s Tatyana Monnay reports that AAER has no further plans to sue law firms, however, Edward Blum noted that his team still “combs websites of hundreds of firms looking for any evidence of programs he views as illegal.”
Law360, “Commerce Dept. Wants Feedback on Draft DEI Principles” (November 27): Law360’s Sarah Jarvis reports on a recent request by the U.S. Department of Commerce for comments on a proposed set of DEIA principles that set out best practices for DEI in the private sector. According to the Department’s Federal Register notice, the Initiative is intended to be the first step in a long-term effort to “convene private sector business diversity leaders, amplify existing efforts, and inspire additional, voluntary business diversity efforts.” The draft principles are focused on executive leadership, organizational strategy, workforce development, human resources, business opportunities, and community investment. Comments are due January 5, 2024.
Bloomberg Law, “Nasdaq’s Board Diversity Court Win Draws New Conservative Appeal” (November 28): Bloomberg Law’s Andrew Ramonas reports that the National Center for Public Policy Research (“NCPPR”) has filed a petition for en banc review of the Fifth Circuit’s October decision in Alliance for Fair Board Recruitment v. SEC, upholding Nasdaq’s Board Diversity Rules. The Alliance for Fair Board Recruitment, the other petitioner in the case, previously filed a petition for rehearing in October. Among other things, NCPPR contends that the rules exceed the scope of the Exchange Act. Gibson Dunn represents Nasdaq as an intervenor in the case.
Law360 California Pulse, “Diversity In Management Linked To Higher Long-Term Growth” (November 30): Law360’s Aaron West summarizes a new study by corporate social responsibility and workplace equity nonprofit As You Sow, which found that, in certain industries, companies with more racial diversity in management are more likely to demonstrate increases in average long-term financial growth, income after tax, and other financial metrics. According to the report, these positive correlations were evident in the “communication services, consumer discretionary, consumer staples, financials, health care, and information technology sectors.” West notes that the study also identified that the most statistically significant positive financial gains occurred among companies with the largest market capitalization.
Law360, “4th Circ. Reluctant To Reverse White Exec’s Race Bias Verdict” (December 7): Law360’s Hayley Fowler reports on the oral argument before a panel of the Fourth Circuit in Duvall v. Novant Health Inc., a case in which a white executive was awarded nearly $4.6 million after a jury trial on his claim that he was fired as a result of a North Carolina hospital’s diversity initiative, in violation of Title VII. Oral argument on Novant Health’s appeal included an extended discussion of the efforts white collar workers must make to find new employment, in order to mitigate damages. According to Fowler, the panel “seemed dubious” overall of undoing the jury verdict in favor of the plaintiff.

Current Litigation:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Am. Alliance for Equal Rights v. Winston & Strawn LLP, No. 4:23-cv-04113 (S.D. Tex. 2023): AAER sued law firm Winston & Strawn, challenging its 1L diversity fellowship program as racially discriminatory in violation of Section 1981.
- Latest update: On December 6, 2023, AAER dismissed the case after Winston & Strawn changed its fellowship program eligibility language to be race-neutral.
Phillips v. Starbucks Corp., No. 19-cv-19432 (D.N.J. 2019): On October 28, 2019, a white former Starbucks regional director sued the company for firing her based on her race, allegedly to protect its image after the company suffered bad press when two Black men were arrested in a store for which the plaintiff oversaw operations. The plaintiff alleged discrimination and retaliation in violation of Title VII, Section 1981, and New Jersey state law. On June 12, 2023, a New Jersey federal jury awarded $25.6 million in compensatory and punitive damages to the plaintiff. On July 13, 2023, Starbucks filed a number of post-trial motions, including a motion to vacate and a motion for judgment as a matter of law.
- Latest update: The court heard oral argument on the post-trial motions on November 30, 2023.
Correll v. Amazon.com, Inc., No. 3:21-cv-1833 (S.D. Cal. 2022): On October 28, 2021, a white male businessman sued Amazon, alleging that by having a feature within its website that allows consumers to identify products sold by non-white, non-male sellers, the company violated Section 1981 and separately California Civil Code §§ 51 and 51.5, which prohibit racial discrimination by businesses.
- Latest update: On November 28, 2023, the parties filed a joint motion to dismiss, stipulating to the plaintiff’s dismissal of the action against Amazon with prejudice. The court granted the motion on November 30, 2023.
Bradley, et al. v. Gannett Co. Inc., 1:23-cv-01100 (E.D.V.A. 2023): On August 18, 2023, white plaintiffs sued Gannett over its alleged “Reverse Race Discrimination Policy,” in response to Gannett’s expressed commitment to having its staff demographics reflect the communities it covers, alleging violations of Section 1981.
- Latest update: On November 24, Gannett moved to dismiss, arguing that the plaintiffs failed to state Section 1981 claims because they did not plead specific facts connecting the allegedly discriminatory policy with their own differential treatment on the basis of race. Gannett also argued that many of the actions that the plaintiffs challenged, including performance evaluations and reassignments, did not rise to actionable adverse employment actions. A hearing on the motion to dismiss has been scheduled for January 10, 2024.

2. Challenges to agency rules, laws, and regulatory decisions:

Alliance for Fair Board Recruitment v. SEC, No. 21-60626 (5th Cir. 2021): On October 18, 2023, a unanimous Fifth Circuit panel rejected challenges to Nasdaq’s Board Diversity Rules and the SEC’s approval of those rules. Petitioners Alliance for Fair Board Recruitment and National Center for Public Policy Research sought review of the SEC’s approval of Nasdaq’s Board Diversity Rules, which require companies that have contracted to list their shares on Nasdaq’s exchange to (1) disclose aggregated information about their board members’ voluntarily self-identified diversity characteristics (including race, gender, and sexual orientation), and (2) provide an explanation if fewer than two board members are diverse. The SEC approved the rules after determining that they were consistent with the Exchange Act. Petitioners challenged the rules on constitutional and statutory grounds. Gibson Dunn represents Nasdaq, which intervened to defend its rules.
- Latest update: On October 25, 2023, AFBR petitioned for a rehearing en banc. On November 27, 2023, NCPPR also petitioned for rehearing en banc, and the court ordered the SEC and Nasdaq to respond to the petitions. On November 28, Republican Attorneys General from Utah and 18 other states filed an amicus brief in support of the petitions. Responses to these petitions are due December 18, 2023.
Johnson v. Watkin, No. 1:23-cv-00848-ADA-CDB (E.D. Cal. 2023): On June 1, 2023, a community college professor in California sued to challenge new “Diversity, Equity and Inclusion Competencies and Criteria Recommendations” enacted by the California Community Colleges Chancellor’s Office, claiming the regulations violated the First and Fourteenth Amendments. The plaintiff alleged that the adoption of the new competency standards, which require professors to be evaluated in part on their success in integrating DEI-related concepts in the classroom, will require him to espouse DEI principles with which he disagrees, or be punished. The plaintiff moved to enjoin the policy.
- Latest update: On November 29, 2023, both plaintiff and defendant filed objections to the magistrate judge’s recommendation and proposed order granting a preliminary injunction to prevent the college from disciplining or investigating the plaintiff based on his political speech. The plaintiff argued that the court should enjoin the new DEI rules in their entirety. The defendants argued that the proposed injunction is overbroad and forecloses all DEI policies (including those not yet written), and is factually inaccurate as to how disciplinary procedures work. The defendants further argued that the plaintiff lacks standing and that the rules are constitutionally permissible standards for job-related conduct rather than restrictions of the plaintiff’s personal views.

3. Educational Institutions and Admissions (Fifth Amendment, Fourteenth Amendment, Title VI, Title IX):

Students for Fair Admissions, Inc. v. University of Texas at Austin, 1:20-cv-00763-RP (W.D. Tex. 2020): On July 20, 2020, SFFA sued the University of Texas, alleging that UT Austin’s methods of considering race in undergraduate admissions violated the Equal Protection Clause of the Fourteenth Amendment, Sections 1981, Title VII, the Texas Constitution, and Texas state law.
- Latest update: On October 27, 2023, the defendants moved to dismiss the action as moot, claiming UT Austin made its admissions process race-neutral following the Supreme Court’s decision in SFFA v. Harvard. On November 27, SFFA opposed dismissal, arguing the case is still live because UT Austin has allegedly failed to implement safeguards to ensure its admissions officers comply with the new policy and because SFFA is still seeking an injunction to prohibit UT from reinstituting its prior policy. The defendants’ reply is due on January 11, 2024.
Students for Fair Admissions v. United States Naval Academy, No. 1:23-cv-02699-ABA (D. Md. 2023): On October 5, 2023, SFFA sued the U.S. Naval Academy, arguing that consideration of race in its admissions process violates the Fifth Amendment.
- Latest update: On November 27, 2023, the court set a hearing on the plaintiffs’ motion for a preliminary injunction for December 14, 2023. On December 1, 2023, the Naval Academy and other federal defendants filed their response to the preliminary injunction motion, arguing that SFFA did not demonstrate that it had standing because it submitted only anonymous declarations on behalf of its members, and that it did not demonstrate irreparable harm because there had been a substantial delay in bringing the action. On the merits, the Academy argued that the military has a compelling national security interest in a diverse officer corps, and that its admissions process was narrowly tailored.
Students for Fair Admissions v. U.S. Military Academy at West Point, No. 7:23-cv-08262 (S.D.N.Y. 2023): On September 19, 2023, SFFA sued West Point, arguing that affirmative action in its admissions process, including alleged racial “benchmarks” of “desired percentages” of minority representation, violates the Fifth Amendment of the U.S. Constitution by taking applicants’ race into account.
- Latest update: On November 22, 2023, West Point and other federal officials filed their opposition to the motion for a preliminary injunction. They argued that SFFA has not demonstrated it has standing because it has not pled facts to show its members, who are described anonymously in the complaint, have a stake in the controversy. They also argued that SFFA did not demonstrate irreparable harm, in part because its members have not actually applied for admission to West Point. On the merits, West Point argued that its admissions process is constitutional because the military has a compelling national security interest in a diverse officer corps distinct from academic interests in student diversity, and its admissions process is narrowly tailored.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Elizabeth Ising, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Teddy Rube*, Alana Bevan, and Marquan Robertson*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Elizabeth A. Ising – Partner & Co-Chair, Securities Regulation and Corporate Governance
Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, msenger@gibsondunn.com)

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, bevanson@gibsondunn.com)

*Teddy Rube and Marquan Robertson are associates working in the firm’s Washington, D.C. office who are not yet admitted to practice law.

The role of ESG in capital markets transactions has evolved significantly over the last five years. Please join us for a discussion of these topics and questions provided by the audience.

What opportunities does ESG present to access capital?
What risks does leveraging ESG present for issuers and underwriters?
How does ESG impact marketing, disclosure and diligence?
What are current ESG market trends?
How can we expect ESG to impact capital markets in the future?

PANELISTS:

Crystal Simpson is a managing director and head of energy equity capital markets at Evercore, which includes sustainable energy & clean technology, oil & gas, power, mining and chemicals. Ms. Simpson has led more than 550 bookrun energy equity offerings. Since 2012, she has raised over $120 billion for energy companies, including Altus Power, Antero, Crescent Energy, EVgo, Gulfport, Lithium Americas, Plains All American, Piedmont Lithium, QuantumScape, Shell Midstream, Rice Energy, RSP Permian, Targa, Viper and Williams. She has deep experience leading initial public offerings, follow-ons, equity-linked offerings, private investments in public equities (PIPEs) and pre-IPO capital. She graduated summa cum laude from Washington & Lee University with a B.S. in business administration and accounting alongside a double-major in broadcast journalism.

Oscar Sloterbeck is a senior managing director and leads Evercore ISI’s Company Surveys Team. Mr. Sloterbeck was ranked No. 3 for economics in the 2023 Institutional Investor All-America Research Team survey, a position he has held since 2019. As head of Company Surveys, he oversees proprietary surveys of companies, investors and U.S. states, as well as teens and young adults. These surveys provide unique insights into the economy and market sentiment. Prior to joining Evercore, Mr. Sloterbeck spent three years at JPMorgan Investment Management on the macroeconomics team. He is a chartered financial analyst and earned his B.A. from the College of William & Mary.

Hillary Holmes is Co-Chair of Gibson Dunn’s Capital Markets practice group. Hillary advises corporations, investment banks and institutional investors on all forms of long-term and strategic capital raising, including sustainability-linked financings and IPOs. She regularly advises companies on obligations under federal securities laws, corporate governance and ESG issues. Chambers ranks her amongst the top lawyers for energy capital markets, energy transactions and corporate counseling, and Law 360 has twice named her an Energy MVP. Hillary earned her JD from University of Pennsylvania Law School and her BA from Duke University, cum laude.

Jason Meltzer is a partner in Gibson Dunn’s Litigation Department and has experience in a wide range of complex commercial litigation, with an emphasis on securities and consumer products class action defense. Jason has defended several cases challenging ESG statements as false or misleading, and authored several publications on minimizing risks in connection with ESG statements. Jason also frequently consults for companies about how to minimize litigation risks in connection with their ESG statements and reports. The National Law Journal, Super Lawyers, and The Washington Post Magazine have all recognized Jason as a class actions and civil litigation “Rising Star,” and Jason was recently recognized as one of The Best Lawyers in America in the Commercial Litigation category. Jason received his B.A., magna cum laude, from the University of Pennsylvania, and his J.D. from the University of Pennsylvania Law School.

Marie Kwon is of counsel in the New York office of Gibson, Dunn & Crutcher. She is a member of the firm’s Capital Markets and Securities and Regulation and Corporate Governance Groups. Marie’s practice focuses on counseling corporations and financial institutions on a wide variety of capital markets transactions, including initial public offerings, secondary offerings, debt offerings and ESG financing. In addition, she has advised public companies on reporting obligations under the Exchange Act. Marie received her Juris Doctor from Columbia University. She graduated magna cum laude from Brown University with a Bachelor of Arts degree in International Relations and was a member of Phi Beta Kappa.

MCLE CREDIT INFORMATION:

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

This edition of Gibson Dunn’s Federal Circuit Update summarizes the current status of several petitions pending before the Supreme Court, and recent Federal Circuit decisions concerning attorneys’ fees under 35 U.S.C. § 285, Article III standing, and the Board’s authority to issue a final written decision past the statutory deadline.

Federal Circuit News

Noteworthy Petitions for a Writ of Certiorari:

As we summarized in our October 2023 update, there are a few petitions pending before the Supreme Court. We provide an update below:

In VirnetX Inc. v. Mangrove Partners Master Fund, Ltd. (US No. 23-315), the Court granted an extension for the response, which is now due December 27, 2023. An amicus curiae brief has been filed by the Cato Institute.
In Intel Corp. v. Vidal (US No. 23-135), a response was filed on November 9, 2023. Three amici curiae briefs have been filed. The petition will be considered during the Court’s January 5, 2024 conference.
The Court denied the petition in HIP, Inc. v. Hormel Foods Corp. (US No. 23-185).

Other Federal Circuit News:

New Federal Circuit Rules. The December 1, 2023 amendments to the Federal Circuit Rules are now in effect. The Federal Circuit has also approved increases to its local fees effective December 1, 2023. Details can be found here.

Upcoming Oral Argument Calendar

The list of upcoming arguments at the Federal Circuit is available on the court’s website.

Key Case Summaries (November 2023)

In re PersonalWeb Technologies LLC, Nos. 21-1858, 21-1859, 21-1860 (Fed. Cir. Nov. 3, 2023): This was the third appeal from a multidistrict litigation involving PersonalWeb. In 2011, PersonalWeb sued Amazon for patent infringement. After claim construction, PersonalWeb dismissed with prejudice its claims against Amazon. Then, in 2018, PersonalWeb brought claims against Amazon’s customers on the same patents. Amazon intervened and filed a motion for declaratory judgment barring PersonalWeb’s infringement actions against Amazon and its customers. The cases were consolidated. The district court ultimately entered judgment of non-infringement in favor of Amazon. Amazon then moved for attorneys’ fees and costs under 35 U.S.C. § 285. The district court granted that motion and awarded over $5 million in fees and costs.

The majority (Reyna, J., joined by Lourie, J.) affirmed, holding that the district court did not abuse its discretion in awarding fees and costs. In particular, the majority concluded that the district court did not abuse its discretion when it determined that PersonalWeb’s claims were objectively baseless because it required only a “straightforward application of Kessler,” which precludes follow-up suits against a company’s customers over the same allegedly infringing products that had already been adjudicated. The majority reasoned that a dismissal with prejudice operates as an adverse adjudication on the merits.

Judge Dyk dissented, reasoning that PersonalWeb’s claims against Amazon’s customers were not objectively baseless in light of unsettled case law surrounding the Kessler doctrine, and specifically whether the Kessler doctrine applies to a stipulated dismissal with prejudice or only to a litigated determination of non-infringement. Indeed, PersonalWeb sought certiorari on that very issue from its 2018 litigation, and the Solicitor General filed an amicus brief agreeing with PersonalWeb that its claims should not have been barred under Kessler. Thus, Judge Dyk would have remanded because, in his view, the district court abused its discretion in awarding fees based on PersonalWeb’s Kessler argument.

Actelion Pharmaceuticals Ltd. v. Mylan Pharmaceuticals Inc., No. 22-1889 (Fed. Cir. Nov. 6, 2023): Actelion sued Mylan for infringing two of Actelion’s patents directed to epoprostenol formulations. The parties disputed the meaning of a limitation in the patents requiring “a pH of 13 or higher.” The district court construed the phrase to encompass “values that round up or down to 13, 12.5 and 13.4,” relying exclusively on the intrinsic evidence. Mylan stipulated to infringement of Actelion’s patents under the district court’s construction, and appealed.

The Federal Circuit (Stoll, J., joined by Reyna and Stark, J.J.) vacated and remanded. The Court concluded that the intrinsic evidence was not sufficiently clear as to the level of precision required by a “pH of 13 or higher” and that the district court should have considered the extrinsic evidence the parties presented to ascertain the ordinary meaning of the phrase. Accordingly, the Court vacated the district court’s construction and remanded for the district court to consider the extrinsic evidence in the first instance.

Allgenesis Biotherapeutics Inc. v. Cloudbreak Therapeutics, LLC, No. 22-1706 (Fed. Cir. Nov. 7, 2023): Allgenesis filed a petition for inter partes review (“IPR”) challenging Cloudbreak’s patent directed to the use of multikinase inhibitors, including nintedanib, for treating pterygium, an eye condition involving tumorous growths. During the proceeding, Cloudbreak disclaimed the genus claims, leaving only the claims that more narrowly claimed the use of nintedanib. The Board issued a final written decision finding that Allgenesis failed to show that the remaining nintedanib claims were unpatentable. Specifically, the Board found that the nintedanbi claims were sufficiently described by the specification of a provisional application from which the Cloudbreak patent claimed priority and therefore predated the alleged prior art reference.

The Federal Circuit (Moore, C.J., joined by Stoll and Cunningham, JJ.) dismissed the appeal because it determined that Allgenesis lacked Article III standing. The Court determined that Allgenesis failed to establish an injury-in-fact from potential infringement liability or that the Board’s priority analysis would have a preclusive effect, impacting Allgenesis’s patent rights in issued or still-pending continuation applications. Specifically, the Court held that collateral estoppel would not attach to the Board’s non-appealable priority determination. Instead, if an examiner were to reach the same priority determination during prosecution of Allgenesis’s pending application, “Allgenesis can challenge that determination in a separate appeal.”

Purdue Pharma L.P. v. Collegium Pharmaceutical, Inc., No. 22-1482 (Fed. Cir. Nov. 21, 2023): Purdue sued Collegium for infringement of Purdue’s patent directed to a formulation containing a gelling agent that “prevent[s] or deter[s] the abuse of opioid analgesics by the inclusion of at least one aversive agent in the dosage form.” Collegium filed a petition for post-grant review (“PGR”) of the patent. Purdue subsequently filed for bankruptcy and requested a stay of all proceedings, including the PGR. After the statutory deadline for the Board to issue a final written decision had passed, Purdue asked for the stay to be lifted for the district court proceedings only, but the bankruptcy court lifted the stay for both the district court and PGR proceedings. Purdue then moved to terminate the PGR proceeding, arguing that the Board no longer had the authority to issue a final written decision. The Board denied the motion and issued its final written decision, finding the challenged claims unpatentable for lack of written description and anticipation.

The Federal Circuit (Dyk, J., joined by Hughes and Stoll, JJ.) affirmed. The Court determined that the Board’s failure to meet the statutory deadline did not deprive the Board of authority to issue a final written decision. The Court noted that the statutory language required that the Board issue a final written decision by a certain deadline, but found no congressional intent to “deprive the agency of power” to act after the deadline passed.

The following Gibson Dunn attorneys assisted in preparing this update: Blaine Evanson, Jaysen Chung, Audrey Yang, Al Suarez, Julia Tabat*, and Vivian Lu.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups, or the following authors:

Blaine H. Evanson – Orange County (+1 949.451.3805, bevanson@gibsondunn.com)
Audrey Yang – Dallas (+1 214.698.3215, ayang@gibsondunn.com)

Appellate and Constitutional Law:
Thomas H. Dupree Jr. – Washington, D.C. (+1 202.955.8547, tdupree@gibsondunn.com)
Allyson N. Ho – Dallas (+1 214.698.3233, aho@gibsondunn.com)
Julian W. Poon – Los Angeles (+ 213.229.7758, jpoon@gibsondunn.com)

Intellectual Property:
Kate Dominguez – New York (+1 212.351.2338, kdominguez@gibsondunn.com)
Y. Ernest Hsin – San Francisco (+1 415.393.8224, ehsin@gibsondunn.com)
Josh Krevitt – New York (+1 212.351.4000, jkrevitt@gibsondunn.com)
Jane M. Love, Ph.D. – New York (+1 212.351.3922, jlove@gibsondunn.com)

*Julia Tabat is an associate working in the firm’s Dallas office who currently is admitted to practice in Illinois.

An Expert Analysis of FCPA Liability and Avoiding the Third Party Pitfall

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of Global Legal Insights – Bribery & Corruption 2024. Gibson Dunn partner Michael Diamant and partner-elect Melissa Farrar, with assistance from associates Allison Lewis and Kelly Skowera, were contributing editors to the publication’s Expert Analysis chapter, “Bribery & Corruption Laws and Regulations 2024 | FCPA liability: avoiding the thirdparty pitfall,” which addresses FCPA liability for actions of third parties and related compliance strategies. The Guide, comprising 21 jurisdictions, is live and FREE to access.

Please view this informative and comprehensive chapter via the links below:

CLICK HERE to view “Bribery & Corruption Laws and Regulations 2024 | FCPA liability: avoiding the thirdparty pitfall.”

CLICK HERE to view, download or print a PDF version.

The following Gibson Dunn lawyers prepared this publication: Michael Diamant and Melissa Farrar, with assistance from Allison Lewis and Kelly Skowera.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Anti-Corruption & FCPA practice group, or the following authors:

Michael S. Diamant – Washington, D.C. (+1 202.887.3604, mdiamant@gibsondunn.com)

Melissa Farrar – Washington, D.C. (+1 202.887.3579, mfarrar@gibsondunn.com)

Join us for a 30-minute briefing covering several M&A practice topics. The program is the fourth in a series of quarterly webcasts designed to provide quick insights into emerging issues and practical advice on how to manage common M&A problems. Stephen Glover, co-chair of the firm’s Global Mergers and Acquisitions Practice, acts as moderator.

Topics discussed:

Branden Berns and Pamela Endreny discuss some of the key corporate, securities law and tax issues that arise in connection with the use of contingent value rights to bridge valuation gaps in M&A transactions.
Lora Elizabeth MacDonald describes the Department of Justice’s plan to provide guidance regarding corporate self-disclosure tailored to M&A transactions.
Andrew Kaplan provides an update on recent trends in shareholder activism.

PANELISTS:

Stephen Glover is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher who has served as Co-Chair of the firm’s Global Mergers and Acquisitions Practice. Mr. Glover has an extensive practice representing public and private companies in complex mergers and acquisitions, joint ventures, equity and debt offerings and corporate governance matters. His clients include large public corporations, emerging growth companies and middle market companies in a wide range of industries. He also advises private equity firms, individual investors and others. Mr. Glover has been ranked in the top tier of corporate transactions attorneys in Washington, D.C. for the past seventeen years (2005 – 2023) by Chambers USA America’s Leading Business Lawyers. He has also been selected by Chambers Global for the past five years as a top lawyer for USA Corporate/M&A. Chambers has singled out Mr. Glover as the only “Star” corporate lawyer in the District of Columbia.

Branden Berns is a partner in the San Francisco office of Gibson, Dunn & Crutcher, where he practices in the firm’s Corporate Transactions Practice Group, with a practice focused on representing leading life sciences companies and investors. Mr. Berns advises clients in connection with a variety of financing transactions, including initial public offerings, secondary equity offerings and venture and growth equity financings, as well as complex corporate transactions, including mergers and acquisitions, asset sales, spin-offs, joint ventures, PIPEs and leveraged buyouts. Mr. Berns regularly serves as principal outside counsel for publicly-traded companies and advises management and boards of directors on corporate law matters, SEC reporting and corporate governance.

Pamela Lawrence Endreny is a partner in the New York office of Gibson, Dunn & Crutcher. Ms. Endreny represents clients in a broad range of U.S. and international tax matters. Ms. Endreny’s experience includes mergers and acquisitions, spin-offs, joint ventures, financings, restructurings and capital markets transactions. She has obtained private letter rulings from the Internal Revenue Service on tax-free spin-offs and other corporate transactions. She has been repeatedly selected for inclusion in Chambers USA: America’s Leading Lawyers for Business, and was also named a Tax “MVP” by Law360. Ms. Endreny is a member of the Executive Committee of the New York State Bar Association Tax Section. She is also a member of the Tax Forum and Private Investment Fund Tax Forum.

Andrew Kaplan is a partner in the New York office of Gibson, Dunn & Crutcher, where his practice focuses on mergers and acquisitions, and corporate governance matters. Mr. Kaplan represents both public and private acquirors and targets in connection with mergers, acquisitions and takeovers, both negotiated and contested. Mr. Kaplan also advises corporations and their boards of directors in connection with corporate governance and compliance matters, shareholder activism, takeover preparedness and other corporate matters. He also represents various major investment banks as financial advisors in M&A transactions, and hedge funds in their M&A and investment activities. Mr. Kaplan also has represented both issuers and underwriters in a variety of securities transactions.

Lora Elizabeth MacDonald is of counsel in the Washington, D.C. office of Gibson, Dunn & Crutcher. She practices in the Firm’s Litigation Department, focusing on white collar criminal defense, internal investigations, and corporate compliance.Lora has extensive experience representing multinational corporations as well as individuals in connection with internal investigations related to potential violations of the U.S. Foreign Corrupt Practices Act (“FCPA”) and U.S. antitrust laws. As part of her practice, she regularly interacts with attorneys at the U.S. Department of Justice and the U.S. Securities and Exchange Commission. Lora has particular experience guiding companies towards the resolution of DOJ and SEC investigations, as well as prophylactic and post-resolution corporate compliance. Lora regularly advises on anti-corruption aspects of proposed mergers and acquisitions, and conducts related due diligence as well as compliance program reviews and pre- and post-acquisition due diligence.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 0.5 credit hour, of which 0.5 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 0.5 hour.

Neither the Connecticut Judicial Branch nor the Commission on Minimum Continuing Legal Education approve or accredit CLE providers or activities. It is the opinion of this provider that this activity qualifies for up to 30 minutes toward your annual CLE requirement in Connecticut, including 0 hour(s) of ethics/professionalism.

Application for approval is pending with the Texas, Virginia and Washington State Bars.

The Proposed Guidelines set out for the first time the specific regulatory requirements and the SFC’s regulatory expectations in respect of market soundings in Hong Kong.

On October 11, 2023, Hong Kong’s Securities and Futures Commission (“SFC”) published a consultation paper (the “Consultation Paper”) on the proposed guidelines for market soundings (the “Proposed Guidelines”).[1] The Proposed Guidelines are noteworthy since it sets out for the first time the specific regulatory requirements and the SFC’s regulatory expectations in respect of market soundings in Hong Kong. This client alert will explore the SFC’s proposals in greater detail.

I. Why introduce the Proposed Guidelines?

To understand the rationale of the requirements in the Proposed Guidelines, it is helpful to understand why the SFC has decided that it is the appropriate time to introduce the Proposed Guidelines.

Firstly, the SFC observed an increasing number of persons trading ahead of placings and block trades, which suggested that some intermediaries may have unfairly taken advantage of non-public information received during market soundings to make unjustified profits. This led the SFC’s thematic review of market sounding practices and controls adopted by intermediaries in 2022, where the SFC noted a divergence of practices among intermediaries in designing their risk controls over market soundings, which suggested that more clarity on the SFC’s regulatory expectations was required to deter substandard conduct and to assist intermediaries in upholding market integrity during market soundings.

Secondly, in light of the determination of the Securities and Futures Appeals Tribunal (“SFAT”) on September 27, 2022 (the “SFAT Determination”) in the Aarons case,[2] the SFC considered it appropriate to provide both sell-side and buy-side market participants with additional clarity on complying with the general principles in the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (the “Code of Conduct”) during market soundings. In summary, the case involved a hedge fund manager who entered into short swaps (which can be used for short selling) after the manager received non-public information about an intended block sale (a large, privately negotiated sale of securities) of shares in a listed Korean company from one of the underwriters of the block sale. The communication was made by the underwriter (a sell-side broker) to the hedge fund manager (a buy-side participant) as part of a market sounding to see if the manager would be interested in participating as a buyer on the block sale. After news of the block sale became public, there was a material drop in the share price of the listed Korean company, and the short swaps entered into by the hedge fund manager generated a profit for the fund he managed.

The SFAT upheld the finding by the SFC that the hedge fund manager’s conduct was such that he was not a fit and proper person to continue to be licensed, having regard to General Principles 1 (Honesty and fairness) and 7 (Compliance) of the Code of Conduct. In doing so, the SFAT determined that a two years suspension of the hedge fund manager’s licence was the most appropriate sanction.

It is relevant to note that the hedge fund manager was not charged with the offence of insider dealing under the Securities and Futures Ordinance (Cap. 571) (“SFO”). The reason is likely because the civil and criminal insider dealing regimes[3] under the SFO have a regulatory lacuna with respect to insider dealing committed in Hong Kong with respect to overseas listed securities. This regulatory lacuna will be addressed when amendments to the insider dealing provisions under the SFO are introduced (please see our earlier client alert [4] for further details). As such, in hearing the appeal, it was not necessary for the SFAT to determine whether or not the communication made to the hedge fund manager constituted “inside information” as defined in the SFO. Rather, the issue to be determined by the SFAT was whether the hedge fund manager’s conduct breached the Code of Conduct (namely, General Principles 1 and 7).[5] The SFAT ultimately agreed with the SFC’s findings that the hedge fund manager’s deceitful conduct after receiving “material non-public information” about an impending block sale meant that he failed to adhere to principles of honest and fair conduct, and hence failed to act with the integrity that the market required, and in conclusion failed to comply with General Principles 1 and 7 of the Code of Conduct.

II. What communications are subject to the Proposed Guidelines?

The Proposed Guidelines would apply to the communication of non-public information – irrespective of whether or not it is price-sensitive “inside information”[6] – with potential investors prior to the announcement of a securities transaction, to gauge their interest in a potential transaction or assist in determining the specifications related to a potential transaction (such as private placements and large block trades) (“Market Sounding”), by intermediaries who:

Disclose non-public information during the course of a Market Sounding (“Disclosing Person”), such as a sell-side broker acting on behalf of an issuer or an existing shareholder selling in the secondary market (“Market Sounding Beneficiary”) in a potential securities transaction; and
Receive non-public information during the course of a Market Sounding, such as a buy-side firm that is sounded out by a Disclosing Person as a potential investor in a potential securities transaction(collectively, a “Market Sounding Intermediary”).[7]

It is important to highlight that the Proposed Guidelines apply to communications on all “non-public information”, irrespective of whether the same information constitutes “inside information” under the SFO. It is also noticeable that, despite referring to the SFAT Determination, the Proposed Guidelines do not use the potentially narrower term “material” non-public information, as found in the SFAT Determination, and instead adopt the much broader term “non-public information”. This appears to be intentional, as the Consultation Paper explains that one of the SFC’s concerns was that intermediaries may run the risk of potential misconduct from an inaccurate determination of what constitutes “inside information”, as it often involved complex judgment and interpretations and that it was not uncommon for parties to arrive at different conclusions)[8] – and presumably similar concerns apply to the determination of whether or not non-public information is “material” or not. Adopting the broader term “non-public information” therefore reduces the risk of inaccurate determinations.

III. What communications are not subject to the Proposed Guidelines?

According to the Consultation Paper, the Proposed Guidelines will not apply to communications regarding:

Speculative transactions or trade ideas shared by a Disclosing Person without consulting with the potential Market Sounding Beneficiary or without any “level of certainty” of such transactions materialising. The Proposed Guidelines provides guidance on the factors to consider in determining whether there is some “level of certainty”, such as the extent to which the Market Sounding Beneficiary has expressed an interest with the Disclosing Person in proceeding with a possible transaction, among other factors[9];
Transaction in such size, value, structure or selling method, that are commensurate with “ordinary day-to-day trade execution”, such as a sell-side broker sourcing potential buy-side participants to execute an ordinary size trade (in relation to the average trading volume or market capitalisation) after receiving an actual order instruction placed by the sell-side broker’s client with a genuine intention for execution; and
Public offering of securities.

The above carve-outs will be important in light of the wide range of Market Sounding communications that are likely to contain some form of “non-public information”. However, internal procedures and controls will need to be carefully designed and implemented, or else intermediaries run the risk of potential misconduct from an inaccurate determination of whether a particular communication falls within the above carve-outs, and therefore failing to comply with the regulatory requirements in the Proposed Guidelines.

The Proposed Guidelines also make clear that they may apply even before a formal mandate from the Market Sounding Beneficiary is received, i.e. as soon as the Disclosing Person starts to conduct any form of market sounding (soft or otherwise) on behalf of a Market Sounding Beneficiary.

IV. Core Principles of Market Sounding

The Proposed Guidelines contain a set of Core Principles (“CP”), which all Market Sounding Intermediaries should comply with in conducting Market Soundings. The CPs are briefly summarised below[10]:

CP 1. Market Integrity: Market Sounding Intermediaries should maintain confidentiality and not trade on or use non-public information passed or received during Market Soundings for the benefit of themselves or others until the information ceases to be non-public.
CP 2. Governance: Market Sounding Intermediaries should implement robust governance and oversight arrangements over its Market Sounding activities. This includes: (i) senior management are responsible for oversight of Market Soundings; (ii) establish governance arrangements for Marketing Soundings; (iii) designate a committee or person(s) independent from the “front-office” to monitor Market Soundings in support of senior management oversight; and (iv) develop and implement appropriate reporting lines and escalation processes to ensure any Market Sounding issues are promptly reported to senior management and the designated committee or person(s) for review and follow-up action.
CP 3. Policies and Procedures: Market Sounding Intermediaries should establish and maintain effective policies and procedures specifying the manner and expectations in which its Market Soundings should be conducted. The written polices and procedures should cover, among other matters: (i) when they become applicable and the timing and procedures of Market Soundings; (ii) allocation of roles and responsibilities among staff involved in Market Soundings, taking into account the “three lines of defence” and ensuring proper staff training; (iii) personal dealing restrictions; (iv) escalation protocols; (v) consequences for non-compliance with the Market Sounding requirements; (vi) categorisation, identification and handling of information during the course of Market Soundings; and (vii) record-keeping requirements.
CP 4. Information Barrier Controls: Market Sounding Intermediaries should implement adequate and effective physical and electronic information barrier controls to prevent inappropriate disclosure, misuse or leakage of non-public information during the course of Market Soundings. This includes, but is not limited to: (i) physical segregation; (ii) system user access controls; (iii) information sharing policies and procedures (e.g. Market Sounding information should be restricted to authorised personnel on a “need-to-know” basis and disclosed only through authorised communication channels); and (iv) maintaining a list of internal and external recipients of non-public information as well as “Restricted List” to prohibit trading on non-public information.
CP 5. Review and Monitoring Controls: Market Sounding Intermediaries should establish effective procedures and controls to monitor and detect suspicious behaviour, unauthorised disclosure, or misuse of information from Market Soundings. This includes periodic reviews of trading and communication surveillance controls, voice and electronic communications, and unauthorised access to information.
CP 6. Authorised Communication Channels: Market Sounding Intermediaries should only use recorded and firm-authorised communication channels to conduct Market Soundings, until the information ceases to be non-public.

Market Sounding Intermediaries are expected to periodically review and update their governance and oversight arrangements, policies and procedures, and internal systems and controls, to ensure that they remain robust and effective.

V. Specific requirements for Disclosing Persons

As the party that initiates Market Soundings, Disclosing Persons bear the initial responsibility to ensure that any non-public information associated with Market Soundings is properly safeguarded and disclosed in accordance with the standards of conduct set out in the Proposed Guidelines. To this end, the specific requirements applicable to the Disclosing Persons are more extensive than for the Recipient Persons, and are summarised below.[11]

Stage of Market Sounding	Specific Requirements
Pre-Market Sounding procedures	Before the initial contact with Recipient Persons or other potential investors to conduct a Market Sounding, a Disclosing Person should: Conduct assessments to determine whether the information disclosed during the Market Sounding would constitute non-public information; Obtain consent from the Market Sounding Beneficiary to engage in the Market Sounding; and Determine in advance, on a case-by-case basis taking into account the requirements in the Proposed Guidelines: (i) a standard set of information to be disclosed to Recipient Persons, (ii) an appropriate timing to conduct the Market Soundings, and (iii) a suitable number of Recipient Persons to contact for the Market Sounding.
During the Market Sounding communications process	A Disclosing Persons should adopt a standardised pre-approved script that is reviewed by senior management or independent functions, such as Legal and Compliance, during initial and subsequent Marketing Sounding communications. In summary, the script should at a minimum include: A statement that the communication is for the purpose of a Market Sounding and that the Recipient Person shall keep confidential the non-public information, and not trade or use such information for its own or others’ benefit until the information ceases to be non-public; A statement that the conversation is recorded and to request the Recipient Person’s consent for recording; Confirm that the individual is the person designated by the Recipient Person to receive Market Soundings; A statement that the Recipient Person will receive information which the Disclosing Person considers to non-public and a request for their consent to receive such information; and An estimate of when the information will cease to be non-public, where possible. After obtaining the above consents, a Disclosing Person should provide a written confirmation to the Recipient Person as soon as possible, summarising the contents covered in its Market Sounding communications. Prior to receiving the Recipient Person’s consent (as explained above), a Disclosing Person should ensure that any preliminary information shared with the Recipient Person is sufficiently broad, limited, vague and anonymised to minimise the change of the Recipient Person guessing the name of the security involved. Greater caution should be exercised in determining the amount of non-public information to be shared where the subject security may be identified even with the provision of only limited information (e.g. for narrow industry sectors) – for example the situation in the SFAT Determination as discussed above.
Cleansing	After non-public information has been disclosed during a Market Sounding, a Disclosing Person should: (i) conduct assessments to determine whether the information has ceased to be non-public (e.g. following the announcement of the transaction, or if the transaction was called off); and (ii) inform the Recipient Person(s) as soon as possible in writing when the information ceases to be non-public according to the Disclosing Person’s assessment.
Record keeping	A Disclosing Person should keep the records in relation to its Market Soundings for a period of not less than seven years. These records must include: Consents obtained from Market Sounding Beneficiaries to engage in Market Soundings; A list of Recipient Persons who informed the Disclosing Person that they do not wish to receive any Market Soundings; Audio, video or text recordings of Market Soundings conducted; The Disclosing Person’s assessment considerations, rationales, and discussions with the Market Sounding Beneficiary (if any), in determining whether the information disclosed would constitute non-public information, and whether non-public information disclosed during Market Soundings has ceased to be non-public; A list of all internal and external persons(s) who possess non-public information as a result of Market Soundings, including details such as the date and time of the Marketing Sounds, information and materials disclosed, etc.; Notifications to inform Recipient Persons when the information ceases to be non-public.

VI. Specific requirements for Recipient Persons

The specific requirements for Recipient Persons are relatively lighter when compared with the Disclosing Person, and are summarised below.[12]

Stages of Market Sounding

Requirements

Handling of Market Sounding requests

A Recipient Person should:

Designate a properly trained specified person(s) to receive Market Soundings, and inform the Disclosing Persons of such arrangement upon being contacted by the Disclosing Persons for Market Soundings; and
Inform the Disclosing persons whether it wishes to, or not to, receive Market Soundings from the Disclosing Persons.

Record keeping

A Recipient Person should keep the records in relation to its Market Soundings for a period of not less than seven years. These records must include:

Any notifications given to the Disclosing Person of its wish to, or not to, receive Market Soundings;
Audio, video or text recordings of Market Sounding received; and
A list of all internal and external persons(s) who possess non-public information as a result of Market Soundings, including details such as the date and time of the Marketing Sounds, information and materials disclosed, etc.

VII. Conclusion

The Consultation Paper containing the Proposed Guidelines is currently undergoing a public consultation. The SFC has indicated that it currently plans to provide a six-month transition period for the industry to update their internal procedures and controls after the Proposed Guidelines are finalised. Even prior to the finalisation of the Proposed Guidelines, intermediaries may still find it helpful to compare their existing internal procedures and controls with the requirements in the Proposed Guidelines, as it provides useful guidance on the SFC’s regulatory expectations and areas which an intermediary may wish to consider updating. As demonstrated by the SFAT Determination, the SFC can still find an intermediary to be in breach of the General Principles in the existing Code of Conduct if the intermediary engages in substandard conduct in respect of market soundings.

__________

[1] “Consultation Paper on the Proposed Guidelines for Market Soundings”, published by the SFC on October 11, 2023, available at: https://apps.sfc.hk/edistributionWeb/api/consultation/openFile?lang=EN&refNo=23CP6

[2] Christopher James Aarons v. Securities and Futures Commission, SFAT Application No. 1 of 2021, Determination, September 27, 2022, available at: https://www.sfat.gov.hk/files/SFAT%202021-1%20determination.pdf

[3] SFO, sections 270 and 291.

[4] “Hong Kong SFC Places Key Reforms to SFO Enforcement Provisions on Hold Following Industry Feedback”, published by Gibson Dunn on August 11, 2023, available at: https://www.gibsondunn.com/hong-kong-sfc-places-key-reforms-to-sfo-enforcement-provisions-on-hold-following-industry-feedback/.

[5] SFAT Determination, paragraph 192.

[6] “Inside information” is defined in sections 245 and 285 of the Securities and Futures Ordinance as “specific information that (a) is about (i) the corporation; (ii) a shareholder or officer of the corporation; or (iii) the listed securities of the corporation or their derivatives; and (b) is not generally known to the persons who are accustomed or would be likely to deal in the listed securities of the corporation but would if generally known to them be likely to materially affect the price of the listed securities.

[7] The Consultation Paper, paragraph 24; and the Proposed Guidelines, paragraph 1.2.

[8] The Consultation Paper, paragraphs 20 to 21.

[9] According to the Proposed Guidelines, a case-by-case consideration of the facts and circumstances is needed to determine whether there is some “level of certainty” of a corresponding potential transaction materialising. The examples of factors to take into account when making such determination include the extent to which the Market Sounding Beneficiary has orally or in writing: (i) expressed an interested with the Disclosing Person in proceeding with a possible transaction; (ii) shared any particulars with the Disclosing Person in relation to the possible transaction (such as the timing, size, pricing or structure of the transaction); or (iii) mandated, requested or consented to the gauging of investor appetite by the Disclosing Person. It is important to note that these are only examples of some factors to take into account, and are not intended to be exhaustive.

[10] The Consultation Paper, paragraphs 27 to 41; the Proposed Guidelines, paragraph 2.

[11] The Proposed Guidelines, paragraph 3.

[12] The Proposed Guidelines, paragraph 4.

The following Gibson Dunn lawyers prepared this client alert: William Hallatt, Arnold Pun, and Jane Lu*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact any member of Gibson Dunn’s Global Financial Regulatory team, including the following members in Hong Kong:

William R. Hallatt – Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)
Emily Rumble – Hong Kong (+852 2214 3839, erumble@gibsondunn.com)
Arnold Pun – Hong Kong (+852 2214 3838, apun@gibsondunn.com)
Becky Chung – Hong Kong (+852 2214 3837, bchung@gibsondunn.com)

*Jane Lu is a paralegal (pending admission) working in the firm’s Hong Kong office who is not yet admitted to practice law.

An overview of key technical provisions and practical takeaways for regulated parties from EPA’s final methane rule.

On December 2, 2023, the U.S. Environmental Protection Agency (EPA) announced its finalized rule targeting methane emissions from the oil and gas sector. In this regulatory action, EPA enacted (i) new source performance standards (NSPS) for methane and volatile organic compounds (VOCs) from new or modified oil and gas sources and (ii) emissions guidelines for states to follow in designing and executing implementation plans to cover existing sources.

This final rule is one of the Biden Administration’s signature actions to address climate change. In finalizing the rule, EPA included measures designed to decrease flaring and fugitive emissions from oil and gas production facilities and also moved forward with its novel “Super Emitter” program that allows third parties to track large emissions events. But the final rule also included additional flexibility for industry and states compared to EPA’s proposal, such as more time for states to submit compliance plans for existing facilities, more time for certain requirements, and flexibility for industry to use advanced monitoring technologies to detect methane leaks.

This client alert summarizes the key technical provisions for oil and gas production and practical takeaways for regulated parties.[1]

Who is subject to the rule? The rulemaking applies to new and existing oil and gas facilities involved in (i) production and processing, including equipment and processes at well sites, storage tank batteries, gathering and boosting compressor stations, and natural gas processing plants, and (ii) natural gas transmission and storage, including compressor stations and storage tank batteries.

What are the key takeaways? Leveraging EPA’s existing VOC rules governing oil and gas production, EPA’s new rule requires frequent monitoring and repair of methane leaks at well sites, centralized production facilities, and compressor stations using established inspection technologies or, at an operator’s election, novel advanced detection technologies. Similarly, storage vessels at production facilities are regulated in largely the same manner under this final rule as existing VOC requirements. However, storage vessels that previously were unaffected by regulation, including both new and existing facilities, may now be subject to NSPS based upon updated definitions and the addition of a new applicability trigger. Finally, the rule aims to phase out venting and flaring of gas coming from oil wells. Agency officials said the most significant emissions reductions created by the final rule come from this directive for new oil wells to eliminate routine gas flaring as well as requiring continuous operation of flares on storage tanks.

Unique to this rule is EPA’s creation of the “Super Emitter” program for identifying and addressing significant methane leaks from production facilities, including an avenue for qualified third parties to alert EPA of owners and operators exceeding the emissions standards and for EPA, in turn, to require owners/operators to investigate such alerts.

In addition, the rule imposes a number of new requirements on reciprocating compressors, centrifugal compressors, pneumatic pumps and controllers (even prohibiting using natural gas in all but a few circumstances) and sweetening units, as well as the completion process and liquids unloading process.

How has EPA structured the legal framework?[2] The new rule establishes a role for both federal and state standards. First, new federal NSPS, added at 40 C.F.R. part 60, subpart OOOOb, apply to sources that commenced construction, modification, or reconstruction after December 6, 2022.

Second, existing sources will be regulated by emissions guidelines implemented as part of state programs that are equivalent to federal NSPS. These emissions guidelines – which essentially serve as model rules for states to implement – are set forth in a new subpart, OOOOc. States can either adopt presumptive standards set forth in the OOOOc emissions guidelines for existing sources or develop their own standards that are as strict as the federal standards, and they must conduct meaningful public engagement during their development of these standards.

EPA must approve all state emissions standards, and if a state’s standards are not as strict as the federal standards, EPA can then promulgate a rule for that state.[3]

What is the applicability date? The final rule’s “applicability date” is December 6, 2022. Sources constructed, modified or reconstructed after December 6, 2022 will need to comply with the new source performance standards in OOOOb.

Sources constructed prior to December 6, 2022 will be considered existing sources and will have later compliance dates under state plans. For this category of existing sources, states have two years to propose these standards, and operators have three years after that submission deadline to comply. For that reason, the deadline for compliance for existing sources will vary based on location, but could be up to five years.

What are the key differences in obligations for new and existing sources? Both subpart OOOOb and subpart OOOOc include new requirements to address methane emissions from oil and gas operations using the “best system of emission reduction” (BSER) as summarized below. With the exception of requirements governing new wells and well completions (and particularly the flaring requirements), the final NSPS subpart OOOOb requirements for new affected facilities and the presumptive standards for existing facilities under subpart OOOOc are largely the same as it relates to methane. The key differences between the two programs are (i) the timeframe for compliance, (ii) the additional requirements for new wells, particularly as it relates to flaring, and well completions, and (iii) the additional requirements for VOC control for new sources.[4]

What are the key elements of the new requirements?

Eliminating Routine Flaring From Oil Wells. EPA’s new rule phases out flaring of gas coming from new oil wells under subpart OOOOb. It phases in flaring restrictions by dividing wells into three categories based on construction date. For new wells constructed after future dates set by the rule, routine flaring will be prohibited after the phase-in period; ultimately, absent a safety concern or defined malfunctions, gas from these wells must be routed to a sales line, used as an onsite fuel source or another useful purpose that a purchased fuel, chemical feedstock, or raw material would serve, or reinjected into the well or into another well upon start-up.

Under subpart OOOOc, for preexisting wells with documented methane emissions of 40 tons per year or less, flaring is permitted provided that the gas is routed to a flare or control device that achieves 95.0 percent reduction in methane. For existing wells with documented methane emissions of 40 tons per year or more, flaring is prohibited absent a showing of technical infeasibility with alternative options. These alternatives include routing the gas to a sales line, using it as an onsite fuel source or for another useful purpose, or injecting it back into the same well or another well. If all of these options are technically infeasible, then these existing wells (producing associated gas with more than 40 tpy of methane) can route associated gas to a flare or control device that achieves 95.0 percent reduction in methane.

Third-Party Monitoring of Super Emitters. EPA’s rule establishes the Super Emitter Program. Under this program, certain third-parties can seek agency authorization to detect “super emitter” events at operators’ sites and report those events to EPA. A super emitter event is defined by the rule as emissions of 100 kilograms (220.5 pounds) of methane per hour or larger.

To qualify, these third parties must be credentialed by EPA. Third parties must submit any super emitter detections to EPA, which then verifies them and notifies the operator. Upon receiving such a notification, an operator is required to investigate the alleged super emitter event within five days and report the results of the investigation to EPA within 15 days of the notification. Additionally, incidents that trigger this program may also trigger the Department of Transportation’s upcoming Pipeline and Hazardous Materials Safety Administration rule, which will likely impose reporting and remediation requirements in the event of a major leak (a term that has yet to be defined).

In response to industry comments, the final rule takes a different approach from the proposed rule in that EPA, and not third parties, will notify an identified owner or operator after reviewing third-party notifications of the presence of a super emitter event at or near its oil and gas. Also, in response to comments, the final rule provides that certified third parties only will be authorized to use remote sensing technologies such as satellites or aerial surveys—the program does not authorize third parties to enter well sites or other oil and gas facilities.

Storage Vessel Applicability Changes. In the regulation, EPA has retained the preexisting control and operational requirements governing storage tanks used in oil and gas production under NSPS Subparts OOOO and OOOOa, including the requirement to reduce emissions by 95 percent, but it has added methane into the VOC framework, changed the trigger governing when the federal requirements apply, and added requirements for determining when state permit limits are legally and practicably enforceable limits. These applicability changes potentially impact both new and existing operations.

For purposes of the NSPS applicability trigger governing new or modified facilities, EPA’s rule adds storage tank batteries (i.e. groups of tanks that are adjacent and receive fluids from the same source) to the existing definition of storage vessel. A tank battery is an affected facility under the rule if the aggregate potential methane emissions from the group of storage vessels is greater than or equal to 20 tons per year. This is a change from EPA’s preexisting approach under NSPS Subpart OOOO and OOOOa, which evaluates applicability based on emissions from individual storage tanks (as opposed to batteries). If owners or operators of new or modified facilities trigger NSPS Subpart OOOOb applicability under this new criteria, then the owners/operators of tanks or batteries qualifying as affected facilities must reduce VOC and methane emissions by 95 percent (as previously required by NSPS Subpart OOOO and OOOOa).

The NSPS rule also updates the definition of “modification” to cover the occurrence of an increase in potential emissions of a tank battery such that its potential to emit (PTE) exceeds the 6 tons of VOC per year or 20 tons of methane per year thresholds following any of these four specified physical or operational changes: (i) adding a storage vessel to an existing battery; (ii) increasing the cumulative storage capacity of the battery by replacing one or more storage vessels; (iii) for well sites or centralized production facilities: an existing battery receives additional crude oil, condensate, intermediate hydrocarbons, or produced water throughput (e.g. as a result of hydraulic fracturing or hydraulic refracturing); (iv) for compressor stations or onshore natural gas processing plants: an existing battery receives additional fluids which cumulatively exceed the throughput used in the most recent determination of the potential for VOC or methane emissions.

Owners/operators of existing tanks or tank batteries also will need to evaluate a new applicability trigger under the emissions guidelines set forth in Subpart OOOOc (as incorporated into state plans). Under the presumptive standard, for existing storage tanks or tank batteries with a PTE of 20 tons of methane per year or greater, owners/operators will have to reduce their emissions by 95 percent. In other words, under the rule, existing tank systems can now trigger NSPS requirements if their potential methane emissions exceed 20 tons per year.

Finally, EPA finalized criteria that must be met for a permit limit or other requirement to qualify as a legally and practicably enforceable limit for purposes of determining whether a tank battery is an affected facility or designated facility under NSPS OOOOb. A legally and practicably enforceable limit must include a quantitative production limit and quantitative operational limit(s) for the equipment, or quantitative operational limits for the equipment; an averaging time period for the production limit, if a production-based limit is used, that is equal to or less than 30 days; established parametric limits for the production and/or operational limit(s), and where a control device is used to achieve an operational limit, an initial compliance demonstration (i.e., performance test) for the control device that establishes the parametric limits; ongoing monitoring of the parametric limits that demonstrates continuous compliance with the production and/or operational limit(s); recordkeeping by the owner or operator that demonstrates continuous compliance with the limit(s) in; and periodic reporting that demonstrates continuous compliance.

New Methane Leaks Requirements. EPA’s new rule restructures leak detection and repair (LDAR) requirements based upon the type of facility involved in order to address methane and VOC leaks. In general, affected facilities are well sites, centralized production facilities, and compressor stations where components with the potential to emit fugitive emissions of methane or VOC are present.

Well sites are broken into several regulatory categories.

Single wellhead only well sites require quarterly audible, visual, and olfactory (AVO) inspections. Owners and operators have 15 days from detecting a leak to initiate repairs and must complete those repairs within 15 days after the first repair.
Multi-wellhead only well sites require semiannual optical gas imaging (OGI) inspections (or optional EPA Method 21 inspections) and quarterly AVO inspections. Repairs of any leaks must commence within 30 days of detection and be completed 30 days after the first repair attempt.
Well sites with major production and processing equipment, including one or more controlled storage vessels or tank batteries, control devices, or natural gas-driven process controllers or pumps, and centralized production facilities require quarterly OGI inspections (or optional EPA Method 21 alternative inspections) and bimonthly AVO inspections. Leak repairs must commence within 30 days and be completed 30 days after the first repair attempt.

At compressor stations, the rule requires quarterly OGI inspections (or EPA Method 21 alternative inspections) and monthly AVO inspections. Leaks detected using AVO inspections must be repaired within 15 days after detection and concluded within 15 days after that, while leaks detected using OGI or EPA Method 21 inspections must be repaired beginning 30 days after detection and finalized 30 days later.

The rule provides the opportunity for regulated parties to replace traditional leak detection programs (i.e. using Method 21 and OGI) with advanced measurement technologies such as on-site sensor networks and aerial flyovers using remote sensing technology. These technologies need to be approved by EPA in advance when an owner or operator submits a monitoring plan. The frequency at which these alternative technologies must be used in order to satisfy the traditional OGI/Method 21 requirements varies depending upon the capabilities of the technology itself. For example, if the technology has an aggregate detection threshold of 15 kilograms per hour, periodic screenings must be conducted monthly.

Well Closure. The rule requires that fugitive emissions monitoring continue until the closure of any well pursuant to a well closure plan. Once a well is closed, a final OGI survey must be performed. If any emissions are detected in this final survey, they must be eliminated. Then, the results of the OGI survey, along with other details of the well closure, must be submitted to EPA.

Pneumatic Pump And Controller Requirements. The new rule requires that all pneumatic pump affected facilities in the oil and gas industry have zero emissions. In other words, the rule prohibits natural gas-driven pumps except at facilities with fewer than three natural gas-driven diaphragm pumps in areas where other power sources are inaccessible. EPA’s new rule also requires pneumatic controllers (now called process controllers) outside of Alaska to have zero methane and VOC emissions. The rule provides a one-year period for operators and owners to come into compliance.

Well Liquids Unloading. The rule requires that affected gas wells that unload liquids minimize or eliminate venting of emissions during liquids unloading events to the maximum extent possible using best management practices. Alternatively, such wells can comply by reducing methane and VOC emissions from gas well liquids unloading events by 95 percent using a closed vent system (CVS) to route emissions to a control device.

Well Completions. The rule also regulates well completion of hydraulically fractured or refractured wells. During completion of most non-wildcat and non-delineation wells, owners or operators must route all flowback to a storage or completion vessel and separator. They must then utilize any salable gas (for example, as fuel on-site) and route all liquid to a storage or well completion vessel, a collection system, or another well. During completion of wildcat and delineation wells (and non-wildcat and non-delineation low pressure wells), owners or operators must either route all flowback to a completion combustion device or well completion vessels and use a separator.

Centrifugal Compressors. Centrifugal compressors with wet seals at new affected facilities other than well sites must reduce methane and VOC emissions from their fluid degassing systems by 95 percent by routing emissions to a control device or process. Some new centrifugal compressors such as centrifugal compressors with dry seals must instead meet work practice performance-based volumetric flow rate standards. At existing facilities located at non-well sites, the requirement will be monitoring and repair to maintain volumetric flow rate at or below 3 standard cubic feet per minute per seal.

Reciprocating Compressors. Reciprocating compressors must meet a performance-based emissions standard of 2 standard cubic feet per minute per cylinder.

Covers, Closed Vent Systems and Combustion Control Devices. Similar to the existing VOC rules, covers and CVSs must demonstrate their ability to comply with the no identifiable emissions standard through OGI or EPA Method 21 monitoring and AVO inspections conducted at the same frequency as the fugitive emissions monitoring for the type of site where the cover and CVS are located. Combustion control devices being used to meet a 95 percent emission reduction standard must demonstrate a continuous level of control of emissions through performance tests every 5 years.

Equipment Leaks at Natural Gas Processing Plants. Equipment located at onshore natural gas processing plants, defined as pumps, pressure relief devices, open-ended valves, and flanges and other connectors, must be inspected either (i) bimonthly using OGI monitoring or (ii) according to EPA Method 21 monitoring at the corresponding frequencies of each type of equipment. The rule also includes specific requirements for each piece of equipment. For example, open-ended valves must all be equipped with closure devices.

Sweetening Units. Affected facilities with a sulfur production rate of at least 5 long tons per day must reduce sulfur dioxide emissions by 99.9 percent. For affected facilities with a design capacity of less than 2 long tons per day of hydrogen sulfide in acid gas, recordkeeping and reporting are required but emissions controls are not. These rules only apply to new and modified sources.

How Does the Rule Intersect with Other Climate Change Laws and Programs? EPA’s final methane rule is part of a larger effort by the Biden Administration to address climate change. Related laws and proposals include:

In August 2022, Congress passed the Inflation Reduction Act (IRA) creating a phase-in schedule for a methane fee that commences in 2024. In 2024, the fee will be levied on methane emissions in excess of the allowance at a rate of $900 per metric ton. That rate will rise to $1200 in 2025, and it will remain at $1500 from 2026 on. Importantly, this fee applies only to facilities that are out of compliance with EPA’s methane emissions requirements and do not fall under another exemption.
In July 2023, EPA proposed key changes to the greenhouse gas emissions reporting requirements for the oil and gas sector. If finalized, most of the proposed changes would be reflected in reports for Reporting Year 2025, due by March 31, 2026.This proposed regulatory action would (i) newly require reporting for emissions from maintenance or other abnormal emission events (including planned releases from maintenance activities), (ii) revise existing calculation methodologies, (iii) expand reporting requirements for certain emissions sources, and (iv) clarify ownership transfer rules and reporting responsibility for assets sold or purchased during the reporting year.

__________

[1] To see a chart explaining how the 2023 rule compares to the 2012 and 2016 emissions rules with regard to specific facilities, go to https://www.epa.gov/system/files/documents/2023-12/epas-oil-and-natural-gas-final-rule-.table-of-covered-sources.pdf.

[2] In order to buoy the rule against potential legal challenges by states and other actors, the rule is self-described as severable with regard to each of its categories of actions and with regard to each emissions source it regulates.

[3] Two additional categories in the regulatory framework are edits to reconcile inconsistencies created by Congress’s repeal of 2020 methane rules and an appendix, appendix K, that establishes a protocol for the use of optical gas imaging inspections.

[4] A table summarizing the translation of BSER into concrete requirements for new and existing regulated sources can be found at https://www.epa.gov/system/files/documents/2023-12/summary-of-key-requirements-table.pdf.

The following Gibson Dunn attorneys assisted in preparing this update: Stacie Fletcher, Rachel Levick, Veronica J.T. Goodson, Monica Murphy, Samantha Yi*, and Dominic Solari.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Environmental Litigation and Mass Tort, Environmental, Social and Governance, Oil and Gas or Cleantech practice groups:

Environmental Litigation and Mass Tort:
Stacie B. Fletcher – Washington, D.C. (+1 202.887.3627, sfletcher@gibsondunn.com)
David Fotouhi – Washington, D.C. (+1 202.955.8502, dfotouhi@gibsondunn.com)
Rachel Levick – Washington, D.C. (+1 202.887.3574, rlevick@gibsondunn.com)
Veronica J.T. Goodson – Washington, D.C. (+1 202.887.3719, vgoodson@gibsondunn.com)

Environmental, Social and Governance (ESG):
Hillary H. Holmes – Houston (+1 346.718.6602, hholmes@gibsondunn.com)
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, eising@gibsondunn.com)
Perlette M. Jura – Los Angeles (+1 213.229.7121, pjura@gibsondunn.com)
Ronald Kirk – Dallas (+1 214.698.3295, rkirk@gibsondunn.com)
Michael K. Murphy – Washington, D.C. (+1 202.955.8238, mmurphy@gibsondunn.com)

Oil and Gas:
Michael P. Darden – Houston (+1 346.718.6789, mpdarden@gibsondunn.com)
Anna P. Howell – London (+44 20 7071 4241, ahowell@gibsondunn.com)
Rahul D. Vashi – Houston (+1 346.718.6659, rvashi@gibsondunn.com)

Cleantech:
John T. Gaffney – New York (+1 212.351.2626, jgaffney@gibsondunn.com)

*Samantha Yi is an associate working in the firm’s Washington, D.C. office who currently is admitted to practice in Maryland.

The steps will further strengthen London’s position as a leading centre for resolution of cross-border commercial disputes.

The UK Government has recently taken two steps that will further strengthen London’s position as a leading centre for the resolution of cross-border commercial disputes: (1) introducing legislation updating the UK Arbitration Act 1996 (the “1996 Act”); and (2) confirming that the UK will join the Hague Convention on the Recognition and Enforcement of Foreign Judgments in Civil or Commercial Matters (the “Hague Convention”) as soon as practicable. This client alert highlights some key takeaways from each development.

I. Updates to the 1996 Act

(a) Status

Arbitration in England and Wales is regulated by the 1996 Act – a framework that has helped contribute to London’s global ranking as the most preferred seat for international commercial arbitration.[1] In 2021, the UK Government asked the Law Commission to review the 1996 Act, to determine “whether there might be any amendments to be made in order to ensure that it is fit for purpose…”.[2]

The results of this consultation process were published in September 2023, together with proposed draft legislation to implement the reforms proposed (the “Arbitration Bill”). The consultation concluded that wholesale reform was not needed or wanted; and the list of recommendations were confined to “a few major initiatives”, and “a very small number of minor corrections”.[3]

On 21 November 2023, the Arbitration Bill began its progress through the UK Parliament.[4] It is expected that the legislative process will be straightforward, and that the amended act will become law in 2024.

(b) What are the key changes?

Although the Arbitration Bill does not seek to reform the 1996 Act wholesale, there are some important changes:

A new express provision for summary disposal. The Arbitration Bill provides that a party will be able to apply for a claim, defence or issue to be dismissed “on a summary basis” if it has “no real prospect of succeeding” (thus aligning the test with that of summary judgment in the English courts). Whilst the power to dismiss summarily exists implicitly under the 1996 Act, the lack of express provision has meant that arbitral tribunals have been reluctant to exercise this power in practice. The proposed standard for dismissal is lower than most arbitral institutional rules provide (“manifestly without merit”).[5] Parties may nevertheless agree to those higher standards, however, as the new provision of the 1996 Act will be ‘opt out’.

The law governing an arbitration agreement is the law of the seat of the arbitration, absent express party agreement otherwise. This reverses the UK Supreme Court’s decision in Enka v Chubb [2020] UKSC 38,[6] where the court held, in short, that where parties have not expressly chosen a law to govern an agreement to arbitrate, but they have made an express choice of law to govern the wider (or “matrix”) contract in which the arbitration agreement sits, the law governing the matrix contract is likely to be considered the implied choice of law of the arbitration agreement. This is an important change for parties negotiating arbitration agreements: the law that governs that arbitration agreement should be express if different to the law of the seat, otherwise it will be deemed to be the law of the seat.

The process for challenging an award for lack of substantive jurisdiction has changed. Under s. 67 of the 1996 Act, a party may challenge an award as to its substantive jurisdiction, and this will involve a full re-hearing before court. The Arbitration Bill expressly limits the new arguments that may be heard in that context as follows:
- a ground for objection that was not raised before the arbitral tribunal must not be raised before the court unless the applicant shows that, at the time of the arbitration proceedings, the applicant did not know and could not with reasonable diligence have discovered the ground;
- evidence that was not heard by the tribunal must not be heard by the court unless the applicant shows that, at the time of the arbitration proceedings, the applicant could not with reasonable diligence have put the evidence before the tribunal; and
- evidence that was heard by the tribunal must not be re-heard by the court, unless the court considers it necessary “in the interests of justice”.

The court’s supportive powers of arbitration proceedings have been clarified. The Arbitration Bill: (i) clarifies that orders under s. 44 of the 1996 Act (including in relation to the preservation of evidence, and for injunctive relief) can be made against third parties;[7] and (ii) provides for the enforcement of emergency arbitrator decisions.[8]

Codifies an arbitrator’s duty of disclosure, introducing a statutory duty on an arbitrator to disclose “circumstances that might reasonably give rise to justifiable doubts as to [their] impartiality”.[9]

II. UK to join the Hague Convention

The second notable development is the UK Government’s confirmation that the UK will join the Hague Convention “as soon as practicable”, following a consultation period.[10]

The Hague Convention is a multilateral convention, which entered into force on 1 September 2023. The Hague Convention provides a set of common rules for the recognition and enforcement of judgments given in civil and commercial matters, between Contracting Parties. The merits of a judgment cannot be reviewed, and recognition and enforcement can only be refused on the grounds specified therein. While most national laws provide for the enforcement of foreign judgments (subject to certain conditions), such laws differ as between jurisdictions. This can make the enforcement of foreign judgments unpredictable, lengthy and costly. By establishing common rules, however, the Hague Convention provides greater certainty and reduces complexity (and cost) of that process.

The UK Government is expected to sign and ratify the Hague Convention without delay, and it will enter into force 12 months from the date on which the UK deposits its instrument of ratification.

__________

[1] Queen Mary University of London, 2021 International Arbitration Survey: Adapting arbitration to a changing world, available here: https://arbitration.qmul.ac.uk/research/2021-international-arbitration-survey/.

[2] Law Commission, Review of the Arbitration Act 1996, Current project status, available here: https://lawcom.gov.uk/project/review-of-the-arbitration-act-1996/.

[3] Law Commission, Review of the Arbitration Act 1996: Final report and Bill, paragraph 1.22, available here: https://lawcom.gov.uk/project/review-of-the-arbitration-act-1996/.

[4] https://bills.parliament.uk/publications/53038/documents/4022.

[5] See, for example, LCIA Arbitration Rules 2020, Article 22.1(viii); ICSID Convention Arbitration Rules 2022, Article 41; ICC Rules of Arbitration, Article 22 and Note to Parties and Arbitral Tribunals on the Conduct of the Arbitration under the ICC Rules of Arbitration, Section C.

[6] Enka v Chubb [2020] UKSC 38, available here: https://www.supremecourt.uk/cases/docs/uksc-2020-0091-judgment.pdf.

[7] Section 9 of the Arbitration Bill.

[8] Section 8 of the Arbitration Bill.

[9] Section 2(2) of the Arbitration Bill.

[10] Government response to the Hague Convention of July 2019 on the Recognition and Enforcement of Foreign Judgements in Civil or Commercial Matters (Hague 2019), 23 November 2023, available here: https://www.gov.uk/government/consultations/hague-convention-of-2-july-2019-on-the-recognition-and-enforcement-of-foreign-judgments-in-civil-or-commercial-matters-hague-2019/outcome/government-response-to-the-hague-convention-of-july-2019-on-the-recognition-and-enforcement-of-foreign-judgements-in-civil-or-commercial-matters-hagu.

The following Gibson Dunn attorneys assisted in preparing this update: Piers Plumptre, Stephanie Collins, Theo Tyrrell and Harriet Codd.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s International Arbitration, Judgment and Arbitral Award Enforcement, or Transnational Litigation practice groups, or any of the following in London:

Penny Madden KC (+44 20 7071 4226, pmadden@gibsondunn.com)
Piers Plumptre (+44 20 7071 4271, pplumptre@gibsondunn.com)
Stephanie Collins (+44 20 7071 4216, SCollins@gibsondunn.com)
Theo Tyrrell (+44 20 7071 4016, ttyrrell@gibsondunn.com)
Harriet Codd (+44 20 7071 4057, hcodd@gibsondunn.com)

The Co-Chairs of our Privacy, Cybersecurity and Data Innovation Practice Group, Ahmed Baladi (Paris) and Alexander Southwell (New York), and partner Cassandra Gaedt-Sheckter (Palo Alto), discuss how GDPR has impacted U.S. laws and companies. They examine the contrasts between U.S. privacy laws and GDPR in Europe, provide an overview of enforcement actions in the U.S., particularly California, and review the challenges companies face when dealing with global data privacy laws.

Previous Episode | Next Episode

HOSTS:

Ahmed Baladi is a partner in the Paris office of Gibson, Dunn & Crutcher, where he is co-chair of the firm’s Privacy, Cybersecurity and Data Innovation practice and a member of the Artificial Intelligence practice. Ahmed has developed renowned experience in a wide range of privacy and cybersecurity matters including compliance and governance programs in light of the GDPR. He regularly represents companies and corporate executives on investigations and procedures before Data Protection Authorities. He also advises a variety of clients on data breach and national security matters including handling investigations, enforcement defense and crisis management.

Alexander Southwell is one of the nation’s leading technology-focused litigators and investigations lawyers and is regularly called upon by numerous leading global companies to counsel on — as well as handle investigations, enforcement defense, and litigation related to — a wide array of privacy, data breach, information technology and governance, theft of trade secrets, computer fraud, advertising and marketing practices, and network and data security issues. A partner in Gibson, Dunn & Crutcher’s New York office, Mr. Southwell founded and co-chairs the Firm’s Chambers-ranked Privacy, Cybersecurity, and Data Innovation Practice Group and is a member of the White Collar Defense and Investigation, Litigation, Crisis Management, and Artificial Intelligence Practice Groups. Mr. Southwell is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.

Cassandra Gaedt-Sheckter is a partner in Gibson, Dunn & Crutcher’s Palo Alto office, where she co-chairs the global Artificial Intelligence (AI) practice, and is a key member of the Privacy, Cybersecurity and Data Innovation practice, including as the leader of the firm’s State Privacy Law Task Force. With extensive experience advising companies on AI, data privacy, and cybersecurity issues, Cassandra focuses on regulatory compliance counseling and privacy and AI program development, regulatory enforcement matters, and transactional representations. Cassandra advises clients in various industries, from leading tech companies and luxury fashion companies, to shipping giants.

The proposed regulations address, on a comprehensive basis for the first time in over 40 years, the determination of the investment tax credit for energy property under section 48.

On November 17, 2023, the IRS and Treasury issued proposed regulations (the “Proposed Regulations”) addressing, on a comprehensive basis for the first time in more than 40 years, the determination of the investment tax credit for energy property under section 48 (the “ITC”).[1] The Proposed Regulations also revisit more recent guidance on the prevailing wage and apprenticeship requirements (the “PWA Requirements”)[2] and provide guidance on other changes resulting from the Inflation Reduction Act of 2022 (the “IRA”), which made substantial adjustments to the ITC.[3] Taxpayers are permitted to rely on the Proposed Regulations until final regulations are published.

This alert briefly provides background on the ITC, summarizes the primary substantive content of the Proposed Regulations, and concludes with some observations regarding key implications for taxpayers.

Background

ITC-eligible property includes certain solar energy property, qualified biogas property, energy storage technology, and certain other properties. Although an ITC has been available for the placement in service of qualifying energy property since 1978, the IRS and Treasury have not issued comprehensive guidance relating to the determination of energy property ITC since 1981, despite significant technological developments and material changes to section 48 in the interim. Most recently, the IRA significantly increased the types of property that are eligible for the ITC, introduced the PWA Requirements, and added ITC “adder” or “bonus” amounts for projects that meet additional requirements (e.g., “energy community” siting and domestic content).[4] As a result, the ITC provisions are among the more frequently revised provisions in the Code, and the IRS and Treasury staff faced a heavy task in attempting to capture a lifetime (literally) of legal developments.

The Proposed Regulations provide long-sought updates to the ITC regulations and additional guidance with respect to critical IRA provisions.

Requirements for Energy Property

The Proposed Regulations touch nearly every aspect of ITC determination and computation; in some instances, the Proposed Regulations appear to represent a significant departure from existing law.

Units of Energy Property and Integral Parts

The Proposed Regulations provide that ITC-eligible property includes both (1) energy property (defined to “include” a “unit of energy property,” which is further defined as “all functionally interdependent components”) and (2) integral parts.[5] A component of energy property is “functionally interdependent” if placing the component in service, along with the other components, is necessary to generate or store electricity, thermal energy, or hydrogen, or otherwise perform a required function. “Integral part” is defined using long-standing ITC principles (and notably would include subsea export cables to an onshore substation).

Retrofitted Property

Generally speaking, under the IRS’s “80/20 rule” (which has appeared in various forms of IRS guidance), property may be treated as originally placed in service even if it contains some items of used property as long as the fair market value of the used property is not more than 20 percent of the total value of the relevant property. The Proposed Regulations make explicit the application of the 80/20 rule to ITC property, but compute the 80/20 rule by reference to the “unit of energy property” under the definition described above and take into account costs paid or incurred with respect to “integral parts” for ITC purposes only if the 80/20 rule is satisfied with respect to the “unit of energy property.” Importantly, subject to limited exceptions, the Proposed Regulations make clear that modifications or improvements to existing energy property are not eligible for the ITC unless the 80/20 rule is satisfied.

Fractional Interest / Multiple Owners Rule

The Proposed Regulations introduce a new rule providing that a taxpayer must own at least a fractional interest in an entire “unit of energy property” to claim the ITC in respect of any component of that energy property. Put differently, the ITC is disallowed if, for example, a taxpayer owns only one or more components (but less than all) of a “unit of energy property.” For purposes of this rule, “related taxpayers” (i.e., members of a group of trades or businesses that are under common control under Treas. Reg. § 1.52–1(b)) are treated as a single taxpayer.[6]

Dual Use Property

Under the existing regulations, if property uses energy from both qualifying sources and nonqualifying sources, the eligibility of the property for the ITC depends on the annual percentage of energy used from qualifying sources. Above a threshold percentage (computed with respect to each applicable year), the ITC is determined on a proportionate basis; below the cliff threshold percentage, the ITC is disallowed. In response to numerous taxpayer requests, the Proposed Regulations lower the cliff threshold percentage for ITC eligibility from 75 percent to 50 percent. Before the IRA, the dual use property rule was particularly onerous for determining the ITC eligibility of energy storage technologies, but the Proposed Regulations confirm that the IRA effectively overrode the dual use property rule for energy storage technologies.

Categories of Energy Property

In addition to simply updating the existing regulations for changes to the Code, the Proposed Regulations provide new guidance defining both new and existing categories of energy property. Certain of these categories are discussed below.

Energy storage technology. The Proposed Regulations would provide several critical clarifications regarding ITC-eligible energy storage technology:

Ammonia, methanol, and other hydrogen carriers: The preamble indicates that ITC-eligible hydrogen energy storage property includes storage via a “material based” medium (which may include forms of ammonia and methanol) or a “physical based” storage medium, provided that the storage is used solely for the production of energy (including the production of heat, the generation of electricity, or the use in a fuel cell vehicle) and not for the production of end products, such as fertilizer

Rechargeable electrochemical batteries and “second life” batteries: Rechargeable electrochemical batteries of all types would be ITC eligible. “Second life” battery components would be counted in determining whether an improvement to energy storage technology is ITC eligible, but, as is required by the Code, only if the modifications to the energy storage technology satisfy the statutory threshold applicable to that modified energy storage technology.[7] The IRS and Treasury separately are continuing to consider whether “second life” batteries should be considered new components for purposes of the 80/20 rule (discussed above).

Qualified biogas property. ITC-eligible qualified biogas property is defined in the Code as property comprising a system that converts biomass into a gas that is not less than 52 percent methane and captures the gas for sale or productive use (rather than for disposal by combustion), including any cleaning and conditioning property that is part of such a system. Notwithstanding the statutory reference to cleaning and conditioning property, however, the definition in the Proposed Regulations expressly excludes gas upgrading equipment, which generally concentrates the biogas (through removal of other gases such as carbon dioxide, nitrogen, or oxygen) into a mixture for injection into a pipeline.[8]

Geothermal property. The Proposed Regulations would clarify that ITC-eligible geothermal energy property includes production wells, injection wells, monitoring wells, and certain electricity generating equipment (for those projects that convert geothermal energy to electricity).[9] Consistent with the existing ITC regulations, distribution equipment also would be included as geothermal property under the Proposed Regulations.[10]

Electrochromic glass. The Proposed Regulations confirm statements in the legislative record that ITC-eligible electrochromic glass includes the full controls package, the electrochromic glass coating, as well as window and installation components (including glass, flashing, framing, and sealants). The Proposed Regulations add that windows incorporating electrochromic glass must be rated in accordance with the National Fenestration Rating Council (NFRC) and that secondary glazing systems must be rated in accordance with the Attachments Energy Rating Council (AERC) Rating and Certification Process.

Co-located property. The Proposed Regulations, like the Code, make clear that no ITC may be claimed in respect of any property that is part of a qualified facility generating section 45 production tax credits (“PTCs”). This prohibition makes delineating between an energy property (on which ITC is claimed) and a qualified facility (on which PTCs are claimed) of critical importance. Nevertheless, the Proposed Regulations provide that property that is shared by a PTC facility and an ITC property and that is an integral part of the ITC property will not be excluded from ITC qualification under this rule. An example in the Proposed Regulations illustrates the rule (or, perhaps, the exception to the rule) in the case of a PTC-eligible wind generation facility and an ITC-eligible energy storage property that share power conditioning and transfer equipment (which is integral to the energy storage property). The example explains how to allocate the cost of the power conditioning and transfer equipment between the wind generation facility and the energy storage property (for purposes of determining eligible ITC basis) and concludes that the shared integral equipment is ITC eligible (to the extent of the eligible basis) and that, because the shared equipment is not considered part of the PTC facility, the wind facility is eligible for PTCs.

Apprenticeship Requirements for Alteration and Repair

The Proposed Regulations would withdraw and re-propose portions of the proposed regulations issued with respect to the PWA Requirements in August 2023.

Under the IRA, other than certain grandfathered and statutorily excepted projects, a taxpayer seeking to claim the full (i.e., 30 percent, before adders) ITC generally must satisfy the PWA Requirements, including with respect to any alteration or repair of the ITC property during the five-year period beginning after the property is placed in service. Statutory cure provisions are available in the case of certain PWA Requirement failures, and if a taxpayer fails to cure a prevailing wage requirement failure during the recapture period, the unvested portion of the ITC would be subject to recapture. (Generally, 20 percent of the ITC fully vests every year, including the ITC “increase” for satisfying the PWA Requirements.) The Proposed Regulations would eliminate the recapture requirements for failing to satisfy the apprenticeship rules with respect to alteration and repair during the recapture period.[11]

“Energy Project” for PWA Requirements, Domestic Content, and Energy Community Rules

The PWA Requirements, the “domestic content” adder, and the “energy community” adder are applied with respect to an “energy project,” which is defined by the IRA as one or more energy properties that are operated as part of a single energy project. The Proposed Regulation would provide that multiple energy properties will be treated as an “energy project” if, at any time during the construction of the multiple energy properties, they are owned by a single taxpayer (together with any “related taxpayers”) and any two or more of the following factors are present:

The energy properties are constructed on contiguous pieces of land;
The energy properties are described in a common power purchase, thermal energy, or other off-take agreement or agreements;
The energy properties have a common intertie;
The energy properties share a common substation or thermal energy offtake point;
The energy properties are described in one or more common environmental or other regulatory permits;
The energy properties are constructed pursuant to a single master construction contract; or
The construction of the energy properties are financed pursuant to the same loan agreement.[12]

The Proposed Regulations also provide that, if multiple energy properties are treated as a single energy project under the begun construction rules (described in the preceding footnote), the multiple energy properties also will be treated as a single energy project for purposes of the PWA Requirements, the “domestic content” adder, and the “energy community” adder.

Commentary

The Proposed Regulations are a welcome development, but the guidance they provide is incomplete, especially without corresponding, fulsome recapture guidance (which, in its current form, is even more outdated than the existing ITC regulations). For example, the Proposed Regulations’ definition of a “unit of energy property” applies for purposes of (1) defining ITC-eligible property that does not need to separately satisfy the “integral” requirement, (2) applying the 80/20 rule, and (3) applying the new “fractional interest” rule. However, unlike the Code’s other “unit of property” rules (g., under sections 168 and 263A), this “unit of energy property” confusingly may not be the same unit of property with respect to which the ITC is actually determined or, critically, subjected to recapture.[13] Recapture guidance for circumstances in which damaged property is replaced is especially needed (in particular, in light of revisions to the 80/20 rule discussed below).

The Proposed Regulations state that “buildings (also referred to as structures) are generally not integral parts of an energy property because they are not integral to the activity of the energy property,” and then import part of a pre-1986 regular investment tax credit rule to define potentially “integral” buildings that are ITC-eligible.[14] However, any generalization against energy ITC-eligibility for buildings is not supported by the Code; buildings (and structural components) have been explicitly eligible (without qualification) for the energy ITC since it was enacted in 1978 (a point reiterated in the regulations since 1981), an effort by Congress to save taxpayers seeking the energy credit for building components from having to satisfy the exact rules to which the Proposed Regulations would subject them.[15] Indeed, several ITC-eligible properties are themselves building components.

Applying the 80/20 rule with respect to the ITC on a “unit of energy property” basis may represent a potentially significant change from present law, although its full effect is unclear without additional recapture guidance.[16] For example, although not as well developed as guidance under sections 168 or 263A, existing ITC guidance and rulings generally have analyzed the ITC qualification (and recapture) of replacement parts and improvements on a separate property-by-property basis.

The Proposed Regulations include welcome clarification that has been sought for several years by the offshore wind industry, making clear that ITC eligible property includes all property from the turbine downstream to onshore transformer and switchgear, including clarification that subsea export cables would qualify for the ITC.

The new fractional interest / multiple owners rule creates a massive new cliff-effect trap that will require taxpayers to be certain they own at least a fractional interest in the entire “unit of energy property” or otherwise risk total disallowance. The rule directly conflicts with the Tax Court’s decision in Cooper v. Commissioner;[17] it may be that the “unit of energy property” rules (described above) are intended to overrule that decision, although there is no mention of this intent in the preamble. This rule is likely to have an outsized impact on certain types of projects, including landfill gas projects, that are more likely to have different components of the project owned by different owners.

Although an example in the Proposed Regulations shows the ITC being claimed in respect of a battery that is co-located with a PTC facility, given the high stakes, further clarification would be helpful. For example, is a battery that is co-located with a PTC facility eligible for ITC even where the battery is not connected to the grid and is charged solely from the PTC facility (e., is arguably “integral” to the PTC facility)? Given the “integral part” framework of the Proposed Regulations and that a battery and a co-located PTC facility may represent separate projects, we believe it would be appropriate to adopt a bright-line rule specifying that energy storage property is eligible for the ITC even where the “unit of energy property” is integral to a co-located PTC facility.

Under the revised definition of “energy project,” which expressly excludes a facility on which PTC is claimed, it is curious that the decision about whether to claim PTC or ITC on a generation facility could have a material impact on the availability of certain credit adders, such as the domestic content adder, even for identical project configurations. (In particular, if PTC is claimed on the generation facility, then the generation facility and battery are independently tested. If, on the other hand, ITC is claimed on the generation facility, then the generation and battery are jointly tested.) A rule allowing for independent assessment of whether each particularly type of energy property is eligible for an adder would provide a more cohesive set of rules.

Application of the expansive “energy project” rules to the PWA Requirements, the “domestic content” adder, and the “energy community” adder (and, in particular, the “related taxpayer” rule) will make satisfaction of these requirements more challenging and will introduce new diligence and documentation hurdles.

The exclusion of gas upgrading equipment from the definition of qualified biogas property surprised many market participants (as it is arguably at odds with both the text of section 48 and analogous guidance) and is uncertain in scope. The preamble states that gas upgrading equipment is not a “functionally interdependent” component of qualified biogas property (and, therefore, implicitly not a “unit of [qualified biogas] energy property”). Unfortunately, the Proposed Regulations do not address whether gas upgrading equipment could be an “integral part” of qualified biogas property, e. whether gas upgrading equipment is used directly in the intended function of qualified biogas property and is essential to the completeness of the intended function.[18] Under this framework, gas upgrading equipment would seem to be an integral part of a single process to prepare biogas for sale or productive use; if the IRS and Treasury intended to signal that gas upgrading equipment needed to satisfy the “integral part” analysis (as it did with other equipment), would be helpful if they make that intent clearer.

Effective Date

The Proposed Regulations generally apply with respect to property placed in service during a taxable year beginning after the regulations are final, although (1) taxpayers may rely on these Proposed Regulations for taxable years beginning after December 31, 2022 and (2) the Proposed Regulations relating to the PWA Requirements apply to projects that begin construction after the date final regulations are published (except that the “energy project” rule applies to projects on which construction begins after November 22, 2023).

__________

[1] Unless indicated otherwise, all section references are references to the Internal Revenue Code of 1986, as amended (the “Code”), and references to “regulations” are references to those regulations promulgated under the Code.

[2] Please see our previous alert on the proposed regulations addressing the PWA Requirements, which is found here.

[3] As was the case with the so-called Tax Cuts and Jobs Act, the Senate’s reconciliation rules prevented Senators from changing the Act’s name, and the formal name of the so-called Inflation Reduction Act is actually “An Act to provide for reconciliation pursuant to title II of S. Con. Res. 14.”

[4] Please see our previous client alerts on these adders, which can be found here and here.

[5] “Integral parts” of energy property have been ITC-eligible since the energy credit was enacted in 1978, although the “integral part” language was not included in section 48 when the ITC statute was amended in 1990 for the gradual elimination of the regular investment tax credit that began in 1986. A reference to “integral parts” was included in section 48(a)(5) (election to claim the ITC for PTC facilities) when it was later enacted, and the statutory gap will be filled entirely when the ITC transitions to the technology neutral tax credit under section 48E in 2025.

[6] The preamble observes that “related taxpayer” is neither defined in section 48 nor did the IRS or Treasury receive comments regarding the “related taxpayer” rule in response to Notice 2015–70. Some further explanation may help clear up the confusion (and give an indication of the drafting task facing the IRS and Treasury): “Related taxpayer” is not defined in section 48 because it is not used in section 48; the language was removed, along with the rule to which it related, in 1990. The IRS and Treasury did not receive comments regarding the “related taxpayer” rule in response to Notice 2015–70 for that reason (and also because the IRS and Treasury did not ask for any such comments).

[7] Although improvements are generally not ITC eligible unless the modified property satisfies the 80/20 rule under the Proposed Regulations, modifications to energy storage technologies are subject to special statutory rules.

[8] In addition, the Proposed Regulations state that methane measurement would occur at the point at which gas exits the biogas production system, but likely before the biogas enters the gas upgrading equipment.

[9] Under the Proposed Regulations production equipment does not include equipment used for exploration and development of geothermal deposits.

[10] Distribution equipment generally is defined as equipment that transports geothermal energy from a geothermal deposit to the site of ultimate use. As is the case with the existing ITC regulations, however, geothermal property would not include any electrical transmission equipment.

[11] The cross-references in Prop. Treas. Reg. § 1.6418-5(f)(2) and Prop. Treas. Reg. § 1.6418-5(f)(3) to Prop. Treas. Reg. § 1.48-13(c)(3)(D) and to Prop. Treas. Reg. § 1.48-13(c)(3)(B), respectively, appear to have been intended as cross-references to Prop. Treas. Reg. § 1.48-13(c)(4) and to Prop. Treas. Reg. § 1.48-13(c)(3)(ii), respectively.

[12] Notice 2018-59 included a similar list of “single project” factors for purposes of determining whether construction had begun on a project, but did not contain the same numerical, two-factor threshold.

[13] Perhaps the single most persistent complaint we hear from clients involved in energy transition activities is the Code’s and Regulations’ inconsistent use of the critical IRA terms “project,” “facility,” “property,” and “component.” The Proposed Regulations may add “unit” to the list.

[14] Like the “unit of energy property” rule, this aspect of the Proposed Regulations appears to have its origins in Notice 2018-59, which is taxpayer-friendly guidance that addresses when construction began on ITC-eligible property but does not provide guidance as to what constitutes ITC-eligible property.

[15] This rule changes beginning in 2025, when buildings and their structural components become ineligible for the ITC under section 48E.

[16] Once again, this aspect of the Proposed Regulations appears to have been based on Notice 2018-59, which did not provide guidance for ITC eligibility.

[17] 88 T.C. 84 (1987).

[18] In contrast, the Proposed Regulations regarding electricity-generating property would treat analogous “power conditioning” and “transfer equipment” as integral.

The following Gibson Dunn attorneys prepared this update: Mike Cannon, Matt Donnelly, Josiah Bethards, Blake Hoerster, Alissa Fromkin Freltz, Duncan Hamilton, and Austin Morris.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Tax or Power and Renewables practice groups, or the following authors:

Tax:
Michael Q. Cannon – Dallas (+1 214.698.3232, mcannon@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202.887.3567, mjdonnelly@gibsondunn.com)
Josiah Bethards – Dallas (+1 214.698.3354, jbethards@gibsondunn.com)
Alissa Fromkin Freltz – Washington, D.C. (+1 202.777.9572, afreltz@gibsondunn.com)
Duncan Hamilton– Dallas (+1 214.698.3135, dhamilton@gibsondunn.com)
Blake Hoerster – Dallas (+1 214.698.3180, bhoerster@gibsondunn.com)

Power and Renewables:
Peter J. Hanlon – New York (+1 212.351.2425, phanlon@gibsondunn.com)
Nicholas H. Politan, Jr. – New York (+1 212.351.2616, npolitan@gibsondunn.com)

An annual update of observations on new developments and highlights of considerations for calendar-year filers preparing Annual Reports on Form 10-K.

Each year we offer our observations on new developments and highlight select considerations for calendar-year filers as they prepare their Annual Reports on Form 10-K. This alert touches upon recent rulemaking from the U.S. Securities and Exchange Commission (“SEC”), comment letters issued by the staff of the SEC’s Division of Corporation Finance (the “Staff”), and trends among reporting companies that have emerged throughout the last year.

An index of the topics described in this alert is provided below.

I. New Disclosure Requirements for 2023
A. Update on Repurchase Rule
B. Cybersecurity Risk Management, Strategy, and Governance Disclosures
1. Risk Management and Strategy
2. Governance
C. Rule 10b5-1 Plan Disclosures for Section 16 Officers and Directors
D. Compensation Clawback Disclosures
II. Disclosure Trends and Considerations
A. Climate Change
B. Human Capital
C. Generative Artificial Intelligence
D. Geopolitical Conflict
E. Potential Government Shutdown
F. Inflation and Interest Rate Concerns
III. SEC Comment Letter Trends
IV. Other Reminders and Considerations
A. Disclosure Controls and Procedures
B. Characterization of Legal Proceedings
C. EDGAR Next
D. Filing Requirement for “Glossy” Annual Report
E. Cover Page XBRL Disclosures

I. New Disclosure Requirements for 2023

Throughout 2023, the SEC has maintained the rapid pace of rulemaking we have seen since Chair Gary Gensler took office in 2021. New disclosure requirements that, for calendar year-end companies, will begin to apply for the first time with the 2023 Form 10-K consist of:

Cybersecurity risk management, strategy, and governance disclosures, which will be included under “Item 1C. Cybersecurity,” a new caption under Part I; and
Compensation clawback-related disclosures, which involve a new Exhibit 97, two new checkbox disclosures on the Form 10-K cover page, and disclosure in Part III, “Item 11. Executive Compensation,” which most companies will forward-incorporate by reference to their upcoming proxy statements.

Beginning with the 2024 Form 10-K next year, all of the new cybersecurity disclosure requirements will need to be tagged in Inline XBRL (“iXBRL”).

Rules that would have required new disclosures around company share repurchases and company Rule 10b5-1 plans were challenged in litigation and therefore appear unlikely to apply to companies’ 2023 Forms 10-K.

Set forth below are discussions of each of the new disclosure requirements.

A. Update on Repurchase Rule

On November 22, 2023, the SEC announced [1] that it had issued an order indefinitely postponing the effectiveness of the Share Repurchase Disclosure Modernization rule (the “Repurchase Rule”), pending further SEC action. At the same time, the SEC asked the Fifth Circuit for additional time to respond to the court’s order, discussed below, requiring the SEC to correct deficiencies in the Repurchase Rule by November 30, 2023. The petitioners in the lawsuit that had challenged the Repurchase Rule opposed the SEC’s motion and requested instead vacatur of the Repurchase Rule. The court denied the SEC’s motion on November 26, 2023. We will provide further updates on the Repurchase Rule in the Gibson Dunn Securities Regulation Monitor.[2]

The Repurchase Rule, discussed in our client alert here[3], requires companies to: (i) disclose daily company share repurchase data in a new table filed as an exhibit to reports on Form 10-Q and Form 10-K, (ii) provide narrative disclosure in those filings about the company’s share repurchase program, including its objectives and rationale, and referencing the particular repurchases that correspond to that narrative, (iii) indicate by a checkbox whether any executives or directors traded in the company’s equity securities within four business days before or after the public announcement of the repurchase plan or program or the announcement of an increase of an existing share repurchase plan or program, and (iv) provide quarterly disclosure regarding the company’s adoption or termination of any Rule 10b5-1 trading arrangements. The Repurchase Rule was scheduled to go into effect beginning with the Form 10‑K or Form 10-Q filed for the first full fiscal quarter beginning on or after October 1, 2023, meaning that for calendar year-end companies, these disclosure requirements would have applied to the 2023 Form 10-K. While the Repurchase Rule is stayed, the pre-existing share repurchase disclosure rules, requiring information on share repurchase programs and quarterly repurchase disclosures presented on an aggregated, monthly basis, remain in effect. In addition, as discussed in Section I.C below, companies must continue to satisfy the Rule 10b5-1 plan disclosure requirements for Section 16 officers and directors.

B. Cybersecurity Risk Management, Strategy, and Governance Disclosures

On July 26, 2023, the SEC adopted a suite of new cybersecurity disclosure requirements, which we discussed in our client alert available here.[4] In addition to the incident disclosure requirements on Form 8-K, the final rule includes a number of new disclosure items on Form 10-K regarding cybersecurity risk management, strategy, and governance under new Item 106 of Regulation S-K. Companies are required to comply with these disclosure requirements beginning with the Form 10-K for the first fiscal year ending on or after December 15, 2023, which for calendar year-end companies is the 2023 Form 10-K.

1. Risk Management and Strategy

Under new Item 106, companies are required to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats in sufficient detail for a reasonable investor to understand those processes. The definitions of cybersecurity incident and cybersecurity threat extend to all information systems a company uses, not just those the company itself owns. In providing such disclosure, a company should address, as applicable, the following non-exclusive list of disclosure items:

Whether and how any such processes have been integrated into the company’s overall risk management system or processes;
Whether the company engages assessors, consultants, auditors, or other third parties in connection with any such processes; and
Whether the company has processes to oversee and identify such risks from cybersecurity threats associated with its use of any third-party service provider.

Companies must also describe whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the company, including its business strategy, results of operations, or financial condition and if so, how.

While discussing the board’s role in company-wide risk oversight is familiar for public companies, this new requirement goes further and requires that companies delve more deeply into the company’s efforts to assess, identify and manage this one particular area of risk. As such, compliance with the rules will require coordination with personnel responsible for day-to-day cybersecurity risk management.

2. Governance

Companies must describe the board of directors’ oversight of risks from cybersecurity threats. If applicable, companies must identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks. In addition, companies must describe management’s role in assessing and managing the company’s material risks from cybersecurity threats, with such disclosure addressing, as applicable, the following non-exclusive list of disclosure items:

Whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise;
The processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents; and
Whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.

With respect to management’s expertise, the instructions to Item 106 provide that it may include “[p]rior work experience in cybersecurity; any relevant degrees or certifications; any knowledge, skills, or other background in cybersecurity.” Interestingly, with this requirement, the SEC is seeking a level of detail regarding cybersecurity executives’ backgrounds that is not even required for chief executive officers or chief financial officers. Companies will need to think through how much detail is “necessary to fully describe the nature of the expertise” of its chief information security officer or other cybersecurity personnel.

As noted by the SEC, many companies currently address cybersecurity risks and incidents in the risk factor sections of their filings, and risk oversight and governance are often addressed in companies’ proxy statements. However, the new rule requires disclosures to appear in a newly designated Item 1C in Part I of the Form 10-K and does not allow the disclosures to be incorporated from the proxy statement. Companies should review their risk factor and proxy statement disclosures when drafting the new discussions of cybersecurity risk management, strategy, and governance in order to maintain consistency with the company’s past public statements regarding its cybersecurity risks governance and processes and to assess how those disclosures may be conformed or enhanced going forward. We expect companies will continue to include disclosure of cybersecurity governance in their proxy statements, and therefore should confirm that they are using terminology consistently across the documents and should consider whether any details disclosed under the new requirements should be repeated in the proxy statement disclosure.

Companies should note that, beginning with the Form 10-K next year (2024 for calendar year-end companies), all of the new disclosure requirements will need to be tagged in iXBRL (block text tagging for narrative disclosures and detail tagging for quantitative amounts).

C. Rule 10b5-1 Plan Disclosures for Section 16 Officers and Directors

On December 14, 2022, the SEC adopted a final rule introducing disclosure requirements with respect to the adoption or termination of Rule 10b5-1 plans by Section 16 officers and directors, which we discussed in more detail in our client alert available here.[6] In Form 10-K and Form 10-Q, companies must disclose whether any Section 16 officer or director adopted or terminated a Rule 10b5-1 plan or a “non-Rule 10b5-1 trading arrangement” during the prior quarter. Amended Rule 10b5-1 now specifically states that any modification or amendment to an existing trading plan to change the amount, price, or timing of the purchase or sale of the securities underlying the plan would be deemed termination of a plan and entry into a new plan, and would therefore trigger disclosure in the Form 10-K or Form 10-Q covering the quarter in which the plan was modified or amended. For all companies but smaller reporting companies (“SRCs”), the requirement became effective with the filing covering the first full fiscal quarter that began on or after April 1, 2023. SRCs are required to comply with the requirement beginning with the filing covering the first full fiscal quarter beginning on or after October 1, 2023, which for calendar year-end SRCs is the 2023 Form 10‑K. As noted above, the Repurchase Rule would have required disclosure of the same type of information regarding companies’ adoption or termination of Rule 10b5-1 plans, but the requirement has not taken effect.

For each trading arrangement that is adopted or terminated, the disclosure must identify whether the trading arrangement is a Rule 10b5-1 plan or a non-Rule 10b5-1 trading arrangement, and provide a brief description of the material terms (other than price), including (i) the name and title of the director or officer; (ii) the date of adoption or termination of the trading arrangement; (iii) the duration of the trading arrangement; and (iv) the aggregate number of securities to be sold or purchased under the trading arrangement (including pursuant to the exercise of any options).

As discussed in our previous post, the form of this disclosure is not prescribed by the final rule.[7] While the vast majority of companies we surveyed have provided narrative disclosure in response to the requirement, a minority have provided tabular disclosure instead. For an example of this narrative disclosure, please see our prior post regarding the new insider trading rules.[8]

While companies have taken a varied approach to this disclosure when no Section 16 officers or directors have adopted or terminated Rule 10b5-1 plans during the quarter, we note that the majority of companies we surveyed have chosen to include narrative disclosure that states there have been no such adoptions or terminations (e.g., “During the quarter ended [date], no director or officer (as defined in Rule 16a-1(f) under the Exchange Act) of the Company adopted or terminated any Rule 10b5-1 trading arrangements or non-Rule 10b5-1 trading arrangements (in each case, as defined in Item 408(a) of Regulation S-K).”). Another approach some companies have taken is to simply state “None” under the applicable Item, and a small minority of the companies elected to make no disclosure and to omit the relevant Item from the periodic filing altogether (which is permissible under the instructions to Part II of Form 10-Q, but not permissible in the Form 10-K).

D. Compensation Clawback Disclosures

On October 26, 2022, the SEC adopted final rules that require listed companies to implement policies for recovery (i.e., “clawback”) of erroneously awarded incentive compensation.[9] In addition to disclosures related to the application of the clawback policies, which for most companies will be included in the proxy statement,[10] there are two disclosure components specific to the Form 10-K that companies must comply with beginning with any Form 10-K filed on or after December 1, 2023, the date by which companies must have adopted the clawback policies. The first component is the addition of two new checkboxes to the Form 10-K cover page, which requires companies to indicate whether (i) the financial statements included in the filing reflect the correction of an error to previously issued financial statements and (ii) any such corrections are restatements that required a recovery analysis pursuant to Rule 10D-1(b). We expect a number of interpretive questions to arise with respect to the applicability of the checkboxes in various contexts. For example, the Staff has informally confirmed that the first checkbox would not need to be checked if the annual financial statements included in the Form 10-K reflect the correction of a material error to interim financial statements and where that error only affected the interim periods (but not any annual periods).[11]However, the first box may need to be checked if the 10-K reflects even an immaterial correction to previously issued annual financial statements. The second checkbox only needs to be checked for material error corrections (i.e., a “little r” restatement or “Big R” restatement) that triggered a clawback recovery analysis. The second component is the requirement for companies to file their clawback policy as Exhibit 97 to the Form 10-K.

II. Disclosure Trends and Considerations

A. Climate Change

The landscape of climate change disclosure requirements continues to evolve with the adoption of the Corporate Sustainability Reporting Directive (“CSRD”) by the European Council in November 2022, which impacts both EU and U.S. companies, and three new laws in California, which impact both public and private companies doing business or operating in California.[12] Final SEC rules on climate-related disclosure are still pending,[13] but the SEC has continued to issue Form 10-K comment letters regarding companies’ climate-related disclosures under existing requirements.

For companies reviewing their existing climate-related disclosures in their Form 10-K, a few items to consider in light of Staff comments made since the issuance of the SEC’s sample comment letter related to climate change disclosure that it issued in 2021[14] include:

Tailor climate-related disclosures to the company’s business and financial condition, rather than generic discussions on climate change. For example, the Staff may ask a company to provide specific disclosure, if material, as to the impact on the company’s business of climate change risks disclosed in the risk factor section. Overly broad statements may also inadvertently create future reporting obligations as legislation, such as California’s Assembly Bill No. 1305, begins to tie disclosure requirements to the making of certain sustainability-related claims.
Consider whether certain climate-related matters should be disclosed not only qualitatively, but also quantitatively. For example, if climate-related capital projects have become a significant portion of overall capital expenditures spending, the comment letters indicate that quantitative disclosure may be warranted.
For any climate-related disclosure included in the Form 10-K, take steps to adequately substantiate those disclosures. This involves, among other things, assessing the methodology and assumptions underlying climate-related disclosures. Companies should be mindful that disclosures made today can carry liability for years to come and give sufficient attention to these disclosures now to avoid liability down the road. Frameworks such as COSO’s “Achieving Effective Internal Control Over Sustainability Reporting” and related guidance can be helpful when building or expanding ESG-related internal controls.
As part of the disclosure controls and procedures for the 2023 Form 10-K filing, review the company’s publicly disclosed ESG materials, such as the company’s sustainability report, to determine whether any of the information is or may become material under federal securities laws. Based on Staff comments, the Staff has gone outside a company’s SEC filings to review ESG-related statements made elsewhere and ask what consideration was given to including such disclosures in the Form 10-K. To the extent information disclosed in sustainability reports is not material for purposes of SEC rules (often, it is not), appropriate disclaimers to that effect should be provided as we previously advised in our prior client alert, “Considerations for Climate Change Disclosures in SEC Reports.”[15]

B. Human Capital

Since 2021, companies have been required to include in their Form 10-K[16] a description of the company’s human capital resources, to the extent material to an understanding of the business taken as a whole, including the number of persons employed by the company and any human capital measures or objectives that the company focuses on in managing the business (such as, depending on the nature of the company’s business and workforce, measures or objectives that address the development, attraction and retention of personnel).

The rule adopted by the SEC did not define “human capital” or elaborate on the expected content of the disclosures beyond the few examples provided in the rule text. This principles-based approach has resulted in significant variation among companies’ disclosures. With three years of human capital disclosure now available, we recently conducted a survey of the substance and form of human capital disclosures made by the S&P 100 in their Forms 10-K for their three most recently completed fiscal years. While company disclosures continued to vary widely, we saw companies continuing to tailor the length of their disclosure and the range of topics covered and also noted a slight increase in the amount of quantitative information provided in some areas. For a more detailed summary of our findings from this survey, which looked at eight primary categories of human capital disclosure, please see our prior client alert, “Form 10-K Human Capital Disclosures Continue to Evolve.”[17]

While we anticipate that human capital disclosure will continue to evolve under the existing principles-based requirements, the SEC is expected to propose more prescriptive rules that could significantly change the landscape. At its meeting on September 21, 2023, the SEC’s Investor Advisory Committee approved subcommittee recommendations to expand required human capital management disclosures, which include prescriptive disclosure requirements (such as headcount of full-time versus part-time and contingent workers, turnover metrics, the total cost of the issuer’s workforce broken down into components of compensation, and demographic data of diversity across gender, race/ethnicity, age, disability, and/or other categories) as well as narrative disclosure in management’s discussion and analysis of how the company’s “labor practices, compensation incentives, and staffing fit within the broader firm strategy.”[18]

C. Generative Artificial Intelligence

Recent developments in artificial intelligence (“AI”), including generative AI, may accelerate or exacerbate potential risks related to technological developments. Companies should consider ways in which the company’s strategy, productivity, market competition and demand for the company’s products, investments and the company’s reputation, as well as legal and regulatory risks could be affected by AI. Companies should also consider any impacts related to cybersecurity and social or ethical challenges. These updates may affect existing risk factors or merit a new standalone risk factor or mention in the forward-looking statement disclaimer, depending on the importance of AI to the company’s business. Further consideration should be given to discussing AI in the business section and trends section of the MD&A, as applicable.

D. Geopolitical Conflict

Public companies need to consider the recent and evolving developments in the Middle East in their Form 10-K, including as to whether risks associated with these developments are adequately discussed in the risk factors, as well as their direct and indirect impacts on their operations and financial condition. While the SEC has not published specific disclosure guidance related to the Middle East, the Staff’s “Sample Comment Letter Regarding Disclosures Pertaining to Russia’s Invasion of Ukraine and Related Supply Chain Issues”[19] may provide guidance as to the types of disclosure that may be necessary. Companies should consider whether disclosure should be provided, to the extent material, regarding any material impacts or risks related to (i) direct or indirect exposure due to operations or investments in affected countries, securities trading in affected countries, sanctions imposed or legal or regulatory uncertainty associated with operating in or existing in the Middle East, (ii) direct or indirect reliance on goods or services sourced in the Middle East, (iii) actual or potential disruptions in the company’s supply chain, or (iv) business relationships, connections to, or assets in the Middle East.

Companies should undertake similar disclosure analyses to determine whether direct or indirect impacts of or material risks from the continued conflict between Russia and Ukraine or emerging geopolitical conflicts, such as rising tensions between China and Taiwan and China and the United States, should be discussed in any sections of the upcoming Form 10-K. Companies with operations in the People’s Republic of China should review the Division of Corporation Finance’s recent sample comment letter[20] highlighting three focus areas for periodic disclosures related to China-specific matters, including those arising from the Holding Foreign Companies Accountable Act (the “HFCAA”), the Uyghur Forced Labor Prevention Act, and specific government-related operational risks. In addition to posing questions regarding HFCAA disclosures, the sample letter includes comments directed at risk factors and MD&A disclosure.

E. Potential Government Shutdown

Companies should continue to monitor the potential for a shutdown of the U.S. federal government and consider whether any looming prospect of a shutdown poses new risks for the business. In particular, companies trading in U.S. government securities or other securities with values derived from U.S. government securities should revisit any risk factors or other disclosures related to potential default by the federal government, including discussing any material losses in MD&A or elsewhere. As noted in the SEC Division of Corporation Finance’s announcement in September regarding the anticipated impacts of a potential government shutdown, EDGAR will continue to accept filings during a shutdown, so filing Forms 10-K should not be affected.[21]

F. Inflation and Interest Rate Concerns

With the rise of inflation and relatively high interest rates, companies should consider whether their disclosures regarding inflation impacts and risks as well as recent rate increases and uncertainty regarding future rate changes are adequately discussed. Depending on the effect on a company’s operations and financial condition, additional disclosure of risk factors, MD&A, or the financial statements may be necessary.

In recent comment letters relating to inflation, the Staff has focused on how current inflationary pressures have materially impacted a company’s operations, including by pointing to statements regarding inflation made in a company’s earnings materials, and sought disclosure on any mitigation efforts implemented with respect to inflation. If inflation is identified as a significant risk, the Staff asked companies to quantify, where possible, the principal factors contributing to inflationary pressures and the extent to which revenues, expenses, profits, and capital resources were impacted by inflation.

In recent comment letters relating to interest rates, the Staff has asked companies to expand their discussion of rising interest rates in the Risk Factors and MD&A sections to specifically identify the actual impact of recent rate increases on the business’s operations and how the business has been affected.

It is also critical that companies confirm that their disclosures in “Item 7A. Quantitative and Qualitative Disclosures About Market Risk” are up-to-date and responsive to the requirements of Item 305 of Regulation S-K.

III. SEC Comment Letter Trends

In 2023, comment letters from the SEC Staff continued an emphasis on addressing disclosures in management’s discussion and analysis (“MD&A”) as well as the use of non-GAAP measures. In addition, although the SEC’s proposed climate change rules are still in flux, in 2023, the Staff continued to issue comment letters regarding companies’ climate-related disclosures under the current disclosure regime, continuing the trend that started in the fall of 2021.

A. Management’s Discussion and Analysis

Many of the comment letters addressing MD&A focused on disclosures relating to results of operations, with the Staff often requesting that registrants explain related disclosures with more specificity. The Staff has focused on disclosures regarding material period-to-period changes in quantitative and qualitative terms as prescribed by Item 303(b) of Regulation S-K. For example, the Staff has commented on disclosures about factors contributing to gross profit and revenue, to request that registrants provide both quantitative detail regarding the extent to which certain factors have impacted gross profit, as well as qualitative factors like which factors contribute to certain business sectors having a greater effect on gross product. The Staff has also requested that registrants make disclosures about known trends and uncertainties affecting their results of operations. Another area that the Staff has focused on is ensuring that key performance indicators (“KPIs”) are properly contextualized so that they are not misleading. The Staff has, in certain circumstances, requested that registrants provide additional disclosures about why KPIs are useful to investors, how they are used by management, and if there are any estimates or assumptions being used to calculate the various metrics. The Staff has also often asked registrants to quantify and provide additional disclosure regarding significant components of financial condition and results of operations that have affected segment results. Two other key areas of MD&A that the Staff focused on were critical accounting estimates and liquidity and capital resources. The Staff frequently noted that registrants’ disclosures regarding critical accounting estimates were too general, and requested that registrants provide a more robust analysis, consistent with the requirement now set forth in Item 303(b)(3) of Reg S-K. The Staff indicated that these disclosures should supplement, not duplicate, the disclosures in footnotes to financial statements.

B. Non-GAAP Financial Measures

The Staff expressed concerns regarding the improper use of non-GAAP measures in filings and issued several comments aligned with the Compliance and Disclosure Interpretations (“C&DIs”) released last December. Comments related to the latest C&DIs included a focus on whether operating expenses are “normal” or “recurring” (and therefore, whether exclusion from non-GAAP financial measures might be misleading). The Staff has also asked registrants about whether certain non-GAAP adjustments to revenue or expenses have made the adjustments “individually tailored.” In addition to a focus on the topics covered under the C&DIs, the Staff focused on a number of other matters relating to compliance with Item 10(e) of Regulation S-K, including prominence of non-GAAP measures, reconciliations, usefulness and purpose of particular measures, the exclusion of normal, recurring cash operating expenses (Non-GAAP C&DI 100.01), and the use of individually tailored accounting principles (Non-GAAP C&DI 100.04).

C. Segment Reporting

The Staff has also commented on a number of segment reporting disclosures. Examples of common comments include whether a registrant’s operating segments are properly categorized and the reasoning behind the aggregation of similar segments (and the factors used to identify different segments). Of particular note, the SEC has taken issue with registrations disclosing multiple measures of segment profit or loss in the notes to the financial statements and has indicated that registrants should not attempt to circumvent non-GAAP requirements when taking this approach.

D. Climate-Related Disclosures

As discussed in Part II.A above, climate-related disclosures continue to be a focus of the Staff. The Staff has often issued multiple rounds of letters on these types of disclosures, particularly when the initial response asserts that a category of climate-related disclosures is not material to its business (with the Staff frequently requesting the registrant to quantify the effects or costs or provide a materiality analysis).

IV. Other Reminders and Considerations

A. Disclosure Controls and Procedures

In light of the new cybersecurity disclosure rules and the end of the year for calendar companies, now is a good time for companies to take an opportunity to review their disclosure controls and procedures, which are intended to help companies collect pertinent information for review for purposes of their public disclosure obligations. The SEC has demonstrated a willingness to bring enforcement action on disclosure controls as they relate to issues it sees as priorities, including recent hot-button topics such as cybersecurity and workplace misconduct.

SolarWinds (Cybersecurity)

In October 2023, the SEC brought charges against SolarWinds Corporation, a software company, and its Chief Information Security Officer (the “CISO”) in connection with the cyberattack more commonly known as “SUNBURST,” which occurred in December 2020. Notably, this is the first time the SEC has brought a cybersecurity enforcement action against an individual. The SEC alleged that SolarWinds and the CISO made materially misleading statements and omissions about the company’s cybersecurity practices and risks in disclosures made on the company’s website and in public filings, which the SEC claims ultimately led to a drop in the company’s stock price following the subsequent disclosure of the SUNBURST cyberattack. Specifically, the complaint alleges that SolarWinds made a number of false statements relating to: (1) compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework; (2) using a secure development lifecycle when creating software for customers; (3) having strong password protection; and (4) maintaining good access controls.

The SEC’s complaint also states that SolarWinds had deficient disclosure controls, alleging that at the time the company was touting its cybersecurity practices in its public disclosures, the CISO and other employees knew that the company had serious cybersecurity deficiencies, with internal documents “describ[ing] numerous known material cybersecurity risks, control issues, and vulnerabilities.” In doing so, the company was concealing from the public known poor cybersecurity practices that were ultimately exploited during the SUNBURST cyberattack. The complaint seeks permanent injunctive relief, disgorgement of profits, civil penalties, and an officer and director bar against the CISO.

The SEC’s actions in SolarWinds should be viewed in light of the new incident disclosure requirements on Form 8-K and recent prior enforcement cases (Pearson PLC 2021 and First American Financial Corporation in 2019). In these recent enforcement cases, the SEC focused on the importance of carefully assessing the materiality of a cyber incident and found incidents to be material even when there was not an adverse impact on the companies’ businesses.

Activision Blizzard (Workplace Misconduct)

Early in 2023, the SEC charged Activision Blizzard Inc., a video game development and publishing company (recently acquired by Microsoft Corporation) (“Activision Blizzard”), with a failure to maintain disclosure controls. Specifically, the SEC alleged that Activision Blizzard “lacked controls and procedures designed to ensure that information related to employee complaints of workplace misconduct would be communicated to [company] disclosure personnel to allow for timely assessment on its disclosures.” The SEC’s order stated that management “lack[ed] sufficient information to understand the volume and substance of employee complaints of workplace misconduct,” and therefore “management was unable to assess related risks to the company’s business, whether material issues existed that warranted disclosure to investors, or whether the disclosures it made to investors in connection with these risks were fulsome and accurate.” Activision Blizzard agreed to a cease-and-desist order and to pay a $35 million penalty to settle the charges.

DXC Technology (Non-GAAP Financial Measures)

In March 2023, the SEC settled charges against DXC Technology Company, an IT services company, for making misleading disclosures about its non-GAAP financial performance in multiple reporting periods from 2018 until 2020. Specifically, the SEC alleged that the company materially increased its non-GAAP earnings by negligently misclassifying tens of millions of dollars of expenses as transaction, separation and integration-related (“TSI”) costs and improperly excluding these expenses as non-GAAP adjustments. The SEC noted that “[t]he absence of a non-GAAP policy and specific disclosure controls and procedures caused employees within the [company] to make subjective determinations about whether expenses were related to an actual or contemplated transaction, regardless of whether the costs were actually consistent with the description of the adjustment included in the company’s public disclosures.” The order went on to explain that the company’s controller group and disclosure committee “negligently failed to evaluate the company’s non-GAAP disclosures adequately” and even failed to recognize that for years the company did not have a non-GAAP policy and adequate disclosure controls and procedures in place. Ultimately, the company’s negligence led to misstating the nature and scope of its TSI costs resulting in materially misleading statements. The company agreed to pay an $8 million penalty and to undertake to develop and implement appropriate non-GAAP policies and disclosure controls and procedures.

Charter Communications Inc. (Internal Accounting Controls)

In November 2023, the SEC charged Charter Communications Inc., a telecommunications company, for failure to establish internal accounting controls to provide reasonable assurances that its trading plans were conducted in accordance with the board of directors’ authorization, which required the use of trading plans in conformity with Rule 10b5-1. Under Rule 10b5-1, a trading plan intended to satisfy the rule may not permit the person who entered into the plan to exercise any subsequent influence over how, when, or whether to effect transactions under the plan. According to the SEC order in Charter Communications, many of the company’s trading plans contained “accordion” provisions allowing for increases to the amount of share repurchases if the company opted to conduct certain debt offerings. The SEC asserted that, since these debt offerings were available at the company’s discretion, this feature effectively gave the company the ability to increase trading activity after adoption of its trading plans—in violation of Rule 10b5-1 and, as a result, inconsistent with the board’s authorization. The SEC order explained that “the company did not have reasonably designed controls to analyze whether the discretionary element of the accordion provisions was consistent with the [b]oard’s authorizations” and Charter ultimately paid $25 million to settle the claims.[22]

In light of these recent enforcement actions, it is important for companies to regularly review their disclosure controls and procedures to identify and stay apprised of key risks that are relevant to the company.

B. Characterization of Legal Proceedings

Public companies often characterize legal proceedings in their securities filings as “without merit.” However, companies may want to reconsider relying on this boilerplate phrase in their legal proceedings disclosures following a decision in the fall of 2023 from the United States District Court for the District of Massachusetts.

In City of Fort Lauderdale Police and Firefighters’ Retirement System v. Pegasystems Inc.,[23] plaintiff shareholders initiated a class action against Pegasystems Inc. (“Pegasystems”) after it was ordered to pay over $2 billion in damages in a prior lawsuit regarding trade secret misappropriation. Although it did not initially disclose the trade secret matter in its securities filings when the lawsuit was first initiated in May 2020, Pegasystems eventually disclosed the matter in its Form 10-K in February 2022 stating its belief that “the claims brought against the defendants are without merit,” it had “strong defenses to these claims,” and “any alleged damages claimed by Appian are not supported by the necessary legal standard.” Pegasystems’ stock price dropped by about 16% the following day and, in May 2022, the jury returned a unanimous verdict in favor of the plaintiff in the trade secret matter.

In the subsequent class action, plaintiff shareholders alleged that Pegasystems made a number of false statements and falsely reassured investors that the claims in the trade secret matter were “without merit,” in light of the fact that its CEO was allegedly aware of the corporate espionage campaign. The court found that this was an actionable opinion statement explaining that “a reasonable investor could justifiably have understood [the CEO]’s message that [the trade secret] claims were ‘without merit’ as a denial of the facts underlying [the] claims—as opposed to a mere statement that Pega[systems] had legal defenses against those claims.” The court went on to say that Pegasystems was not required to admit any wrongdoing in its disclosure and that “[a]n issuer may legitimately oppose a claim against it, even when it possesses subjective knowledge that the facts underlying the claims against it are true. When it decides to do so, however, it must do so with exceptional care, so as not to mislead investors. For example, an issuer may validly assert its intention to oppose the lawsuit. . . . It also may state that it has ‘substantial defenses’ against it, if it reasonably believes that to be true. . . . An issuer may not, however, ‘make misleading substantive declarations regarding its beliefs about the merits of the litigation.’”

The court’s decision provides a cautionary tale against using boilerplate disclosure language when describing a company’s litigation matters, particularly where those disclosures are contradictory to the actual prospect of an adverse result. Going forward, companies should avoid relying on boilerplate language such as “without merit” to describe claims in a lawsuit; often times, there is at least some merit to litigation even if a defendant has a strong legal defense. Instead, statements like “we intend to contest this matter vigorously” or “we have substantial defenses” (if supportable) might be appropriate alternatives. Counsel for companies should carefully evaluate their legal proceedings disclosures—even for those matters that have previously been disclosed—and consider seeking input from management in assessing any allegations asserted against the company.

C. EDGAR Next

On September 13, 2023, the SEC proposed amendments to Rules 10 and 11 of Regulation S-T and Form ID regarding potential technical changes to EDGAR filer access and account management (referred to by the SEC as “EDGAR Next”). EDGAR Next would require filers to authorize designated account administrators to manage the filers’ accounts and make filings on the filers’ behalf and would require these account administrators and any other authorized users to have their own individual account credentials to access EDGAR Next. For details on the proposed amendments, see our prior post on this topic.[24]

In connection with the proposed amendments, the SEC opened a public beta environment that is available until March 15, 2024 for filers to test and provide feedback on the technical functionality of the changes contemplated by EDGAR Next. Details regarding how to access the EDGAR Next beta environment and related resources are available at the SEC’s dedicated EDGAR Next website.[25]

D. Filing Requirement for “Glossy” Annual Report

As discussed in last year’s alert, in June 2022 the SEC adopted amendments requiring that annual reports sent to shareholders pursuant to Exchange Act Rule 14a-3(c), otherwise known as “glossy” annual reports, must also be submitted to the SEC in the electronic format in accordance with the EDGAR Filer Manual. These annual reports will be in PDF format, and filed using EDGAR Form Type ARS. In its final rule, the SEC noted that electronic submissions in PDF format of the glossy annual report should capture the graphics, styles of presentation, and prominence of disclosures (including text size, placement, color, and offset, as applicable) contained in the reports. As noted in our report last year, this may cause technical concerns with file sizes when filing through EDGAR, and companies should be mindful of the file size of their glossy annual report and conduct test runs in advance of filing.

E. Cover Page XBRL Disclosures

On September 7, 2023, the SEC published a sample comment letter regarding XBRL disclosures.[26] Contained in this sample comment letter was a comment regarding how common shares outstanding are reported on the cover page as compared to on the company’s balance sheet. The sample comment addresses instances in which companies “present the same data using different scales (presenting the whole amount in one instance and the same amount in thousands in the second).” Companies thus should consider presenting their outstanding share data consistently throughout their Form 10-K.

* * * * *

The 2023 Form 10-K will require a number of new disclosures for the first time. Companies should start drafting their disclosures earlier rather than later, particularly where disclosures will require coordination with a number of teams, such as with the new cybersecurity disclosure requirements.

Looking ahead, there are several rules the SEC is expected to enact that have the potential to significantly impact future filings, including the highly anticipated climate disclosure rules, which have been pending since March 2022 and may require public companies to disclose their greenhouse gas emissions, those of their suppliers, and their downstream emissions. The latest Reg Flex agenda suggested that these rules would be finalized in October 2023, though this target has moved several times.

Additionally, the Financial Accounting Standards Board (FASB) has finalized rules related to enhanced tax disclosures and segment reporting that apply starting with the 2024 10-K[27],[28] and is considering rules regarding the disaggregation of expenses[29], each of which may require a significant amount of preparation.

__________

[1] See “Announcement Regarding Share Repurchase Disclosure Modernization Rule” (Nov. 22, 2023), available at https://www.sec.gov/corpfin/announcement/announcement-repurchase-disclosure-modernization-112223

[2] Gibson Dunn’s Securities Regulation Monitor is a blog site that provides frequent updates on securities law and corporate governance developments and is available at https://securitiesregulationmonitor.com/default.aspx

[3] For a further discussion on the share repurchase requirements, please see our prior client alert “SEC Adopts Amendments to Enhance Company Stock Repurchase Disclosure Requirements” (May 5, 2023), available at https://www.gibsondunn.com/sec-adopts-amendments-to-enhance-company-stock-repurchase-disclosure-requirements/.

[4] See “SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies” (July 26, 2023), available at https://www.sec.gov/news/press-release/2023-139.

[6] See “SEC Adopts Amendments to Modernize Rule 10b5-1 Insider Trading Plans and Related Disclosures” (Dec. 14, 2023), available at https://www.sec.gov/news/press-release/2022-222.

[7] Available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=480.

[8] Available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=480.

[9] See “SEC Adopts Compensation Recovery Listing Standards and Disclosure Rules” (Oct. 26, 2022), available at https://www.sec.gov/news/press-release/2022-192.

[10] Item 402 of Regulation S-K now requires companies to disclose how they have applied their recovery policies. If, during its last completed fiscal year, the company either completed a restatement that required recovery or there was an outstanding balance of excess incentive-based compensation relating to a prior restatement, the company must disclose (i) the date which the company was required to prepare each accounting restatement, the aggregate dollar amount of excess, and an analysis of how it was calculated; (ii) if the compensation is related to a stock price or TSR metric, the estimates used to determine the amount of erroneously awarded compensation; (iii) the aggregate dollar amount of excess incentive-based compensation that remained outstanding at the end of the company’s last completed fiscal year; (iv) the amount of recovery foregone under any impracticability exception used; and (v) for each current and former named executive officer, the amounts of incentive-based compensation that are subject to a clawback but remain outstanding for more than 180 days since the date the company determined the amount owed.

[11] Center for Audit Quality SEC Regulations Committee Highlights, Joint Meeting with SEC Staff (June 15, 2023), available at https://www.thecaq.org/wp-content/uploads/2023/09/June-15-2023-Joint-Meeting-HLs-FINAL-for-Posting-9-5-23.pdf (Section III.D.).

[12] For background on the CSRD, see “European Union’s Corporate Sustainability Reporting Directive—What Non-EU Companies with Operations in the EU Need to Know,” Gibson Dunn (Nov. 2022), available at https://www.gibsondunn.com/european-union-corporate-sustainability-reporting-directive-what-non-eu-companies-with-operations-in-the-eu-need-to-know/, and “European Corporate Sustainability Reporting Directive (CSRD): Key Takeaways from Adoption of the European Sustainability Reporting Standards,” Gibson Dunn (Aug. 2023), available at https://www.gibsondunn.com/european-corporate-sustainability-reporting-directive-key-takeaways-from-adoption-of-european-sustainability-reporting-standards/.

For background on California’s recently enacted climate disclosure laws, see “California Passes Climate Disclosure Legislation,” Gibson Dunn (Sept. 2023), available at https://www.gibsondunn.com/california-passes-climate-disclosure-legislation/, and “UPDATE: California Governor Signs Climate Legislation Into Law, Bug Signals Changes to Come,” Gibson Dunn (Oct. 2023), available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=487.

[13] For more information on the SEC’s proposed rules on climate-related disclosure, see “The Enhancement and Standardization of Climate-Related Disclosures for Investors,” SEC (Apr. 2022), available at https://www.sec.gov/files/rules/proposed/2022/33-11042.pdf, and “Summary of and Considerations Regarding the SEC’s Proposed Rules on Climate Change Disclosure,” Gibson Dunn (Apr. 2022), available at https://www.gibsondunn.com/summary-of-and-considerations-regarding-the-sec-proposed-rules-on-climate-change-disclosure/.

[14] For a discussion of the 2021 and 2022 comment letters, see “SEC Staff Scrutiny of Climate Change Disclosures Has Arrived: What to Expect And How to Respond,” Gibson Dunn (Sept. 2021), available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=446 and “Considerations for Preparing Your 2022 Form 10-K,” Gibson Dunn (Jan. 2023), available at https://www.gibsondunn.com/wp-content/uploads/2023/01/considerations-for-preparing-your-2022-form-10-k.pdf.

[15] Available at https://www.gibsondunn.com/considerations-for-climate-change-disclosures-in-sec-reports/.

[16] See “Modernization of Regulation S-K Items 101, 103, and 105, Release No. 33-10825” (Aug. 26, 2020), available at https://www.sec.gov/rules/final/2020/33-10825.pdf.

[17] Available at https://www.gibsondunn.com/form-10-k-human-capital-disclosures-continue-to-evolve/.

[18] Available at https://www.sec.gov/files/spotlight/iac/20230921-recommendation-regarding-hcm.pdf.

[19] See “Sample Letter to Companies Regarding Disclosures Pertaining to Russia’s Invasion of Ukraine and Related Supply Chain Issues” (May 3, 2021), available at https://www.sec.gov/corpfin/sample-letter-companies-pertaining-to-ukraine.

[20] Available at https://www.sec.gov/corpfin/sample-letter-companies-regarding-china-specific-disclosures.

[21] Available at https://www.sec.gov/corpfin/announcement/announcement-cf-pre-shutdown-communication-092723.

[22] SEC Commissioners Hester Peirce and Mark Uyeda dissented from this decision. Commissioners Peirce and Uyeda argued that this application of the rule went too far by using Section 13(b)(2)(B)(i)’s requirement that companies “devise and maintain a system of internal accounting tools” to require that Charter Communications had sufficient systems in place to answer the legal question of whether its trading plans were in compliance with Rule 10b5-1.

[23] No. CV 22-11220-WGY, 2023 WL 4706741 (D. Mass. July 24, 2023).

[24] Available at https://securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=483.

[25] Available at https://www.sec.gov/edgar/filer-information/edgar-next.

[26] Available at https://www.sec.gov/corpfin/sample-letter-companies-regarding-their-xbrl-disclosures.

[27] Available at https://www.fasb.org/Page/ProjectPage?metadata=fasb-Targeted%20Improvements%20to%20Income%20Tax%20Disclosures

[28] Available at https://www.fasb.org/page/getarticle?uid=fasb_Media_Advisory_11-27-23.

[29] Available at https://www.fasb.org/Page/ShowPdf?path=Proposed+ASU%E2%80%94Income+Statement%E2%80%94Reporting+Comprehensive+Income%E2%80%94Expense+Disaggregation+Disclosures+%28Subtopic+220-40%29%E2%80%94Disaggregation+of+Income+Statement+Expenses.pdf&title=Proposed+Accounting+Standards+Update%E2%80%94Income+Statement%E2%80%94Reporting+Comprehensive+Income%E2%80%94Expense+Disaggregation+Disclosures+%28Subtopic+220-40%29%E2%80%94Disaggregation+of+Income+Statement+Expenses&acceptedDisclaimer=true&IsIOS=false&Submit.

The following Gibson Dunn attorneys assisted in preparing this update: Ron Mueller, Elizabeth Ising, Mike Scanlon, Mike Titera, Julia Lapitskaya, Matthew Dolloff, David Korvin, Meghan Sherley, Victor Twu, Maggie Valachovic, and Nathan Marak.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Securities Regulation and Corporate Governance or Capital Markets practice groups, or any of the following practice leaders and members:

Securities Regulation and Corporate Governance:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202.955.8287, eising@gibsondunn.com)
James J. Moloney – Co-Chair, Orange County (+1 949.451.4343, jmoloney@gibsondunn.com)
Lori Zyskowski – Co-Chair, New York (+1 212.351.2309, lzyskowski@gibsondunn.com)
Brian J. Lane – Washington, D.C. (+1 202.887.3646, blane@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, rmueller@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202.887.3550, tkim@gibsondunn.com)
Michael A. Titera – Orange County (+1 949.451.4365, mtitera@gibsondunn.com)
Aaron Briggs – San Francisco (+1 415.393.8297, abriggs@gibsondunn.com)
Julia Lapitskaya – New York (+1 212.351.2354, jlapitskaya@gibsondunn.com)

Capital Markets:
Andrew L. Fabens – New York, NY (+1 212.351.4034, afabens@gibsondunn.com)
Hillary H. Holmes – Houston, TX (+1 346.718.6602, hholmes@gibsondunn.com)
Stewart L. McDowell – San Francisco, CA (+1 415.393.8322, smcdowell@gibsondunn.com)
Peter W. Wardle – Los Angeles, CA (+1 213.229.7242, pwardle@gibsondunn.com)